Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Jin Ye,Lulu Guo,Bowen Yang,Fangyu Li,Liang Du,Le Guan,Wenzhan Song

DOI: https://doi.org/10.1109/jestpe.2020.3045667

IF: 5.462

2021-08-01

IEEE Journal of Emerging and Selected Topics in Power Electronics

Abstract:Power electronics systems have become increasingly vulnerable to cyber–physical threats due to their growing penetration in the Internet-of-Things (IoT)-enabled applications, including connected electric vehicles (EVs). In response to this emerging need, a cyber–physical-security initiative was recently launched by the IEEE Power Electronics Society (PELS). With increasing connectivity due to vehicle-to-everything (V2X) and the number of electronic control units, connected EVs are facing greater cyber–physical security challenges. However, existing research extensively focuses on the network security of internal combustion engine vehicles and fails to address the cyber–physical security of EVs specifically. In this article, the challenges and future visions of cyber–physical security are discussed for connected EVs from the perspective of firmware security, vehicle charging safety, and powertrain control security. The vulnerabilities of EVs are investigated under a variety of cyberattacks, ranging from energy-efficiency-motivated attacks to safety-motivated attacks. Simulation results, including hardware-in-the-loop (HIL) results, are provided to further analyze the cyberattack impacts on both converter (device) and vehicle (system) levels. More importantly, an architecture for the next-generation power electronics systems is proposed to address the cyber–physical security challenges of EVs. Finally, potential research opportunities are discussed in detail, including detection and migration for firmware security, model-based, and data-driven detection and mitigation. To the best of our knowledge, this is the first comprehensive study on cyber–physical security of powertrain systems in modern EVs.

engineering, electrical & electronic

Alessandro Brighente,Mauro Conti,Denis Donadel,Radha Poovendran,Federico Turrin,Jianying Zhou

DOI: https://doi.org/10.48550/arXiv.2301.04587

2023-01-12

Abstract:Electric Vehicles (EVs) share common technologies with classical fossil-fueled cars, but they also employ novel technologies and components (e.g., Charging System and Battery Management System) that create an unexplored attack surface for malicious users. Although multiple contributions in the literature explored cybersecurity aspects of particular components of the EV ecosystem (e.g., charging infrastructure), there is still no contribution to the holistic cybersecurity of EVs and their related technologies from a cyber-physical system perspective. In this paper, we provide the first in-depth study of the security and privacy threats associated with the EVs ecosystem. We analyze the threats associated with both the EV and the different charging solutions. Focusing on the Cyber-Physical Systems (CPS) paradigm, we provide a detailed analysis of all the processes that an attacker might exploit to affect the security and privacy of both drivers and the infrastructure. To address the highlighted threats, we present possible solutions that might be implemented. We also provide an overview of possible future directions to guarantee the security and privacy of the EVs ecosystem. Based on our analysis, we stress the need for EV-specific cybersecurity solutions.

Cryptography and Security

Zeinab El-Rewini,Karthikeyan Sadatsharan,Daisy Flora Selvaraj,Siby Jose Plathottam,Prakash Ranganathan

DOI: https://doi.org/10.1016/j.vehcom.2019.100214

IF: 6.7

2020-06-01

Vehicular Communications

Abstract:As modern vehicles are capable to connect to an external infrastructure and Vehicle-to-Everything (V2X) communication technologies mature, the necessity to secure communications becomes apparent. There is a very real risk that today's vehicles are subjected to cyber-attacks that target vehicular communications. This paper proposes a three-layer framework (sensing, communication and control) through which automotive security threats can be better understood. The sensing layer is made up of vehicle dynamics and environmental sensors, which are vulnerable to eavesdropping, jamming, and spoofing attacks. The communication layer is comprised of both in-vehicle and V2X communications and is susceptible to eavesdropping, spoofing, man-in-the-middle, and sybil attacks. At the top of the hierarchy is the control layer, which enables autonomous vehicular functionality, including the automation of a vehicle's speed, braking, and steering. Attacks targeting the sensing and communication layers can propagate upward and affect the functionality and can compromise the security of the control layer. This paper provides the state-of-the-art review on attacks and threats relevant to the communication layer and presents countermeasures.

telecommunications,transportation science & technology

Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Safa Hamdare,Omprakash Kaiwartya,Mohammad Aljaidi,Manish Jugran,Yue Cao,Sushil Kumar,Mufti Mahmud,David Brown,Jaime Lloret

DOI: https://doi.org/10.3390/s23156716

IF: 3.9

2023-07-28

Sensors

Abstract:The increasing availability of Electric Vehicles (EVs) is driving a shift away from traditional gasoline-powered vehicles. Subsequently, the demand for Electric Vehicle Charging Systems (EVCS) is rising, leading to the significant growth of EVCS as public and private charging infrastructure. The cybersecurity-related risks in EVCS have significantly increased due to the growing network of EVCS. In this context, this paper presents a cybersecurity risk analysis of the network of EVCS. Firstly, the recent advancements in the EVCS network, recent EV adaptation trends, and charging use cases are described as a background of the research area. Secondly, cybersecurity aspects in EVCS have been presented considering infrastructure and protocol-centric vulnerabilities with possible cyber-attack scenarios. Thirdly, threats in EVCS have been validated with real-time data-centric analysis of EV charging sessions. The paper also highlights potential open research issues in EV cyber research as new knowledge for domain researchers and practitioners.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Peng Huang,Yinan Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/iecon.2017.8216086

2017-01-01

Abstract:This paper considers a framework of electrical cyber-physical systems (ECPSs) in which each bus and branch in a power grid is equipped with a controller and a sensor. By means of measuring the damages of cyber attacks in terms of cutting off transmission lines, three solution approaches are proposed to assess and deal with the damages caused by faults or cyber attacks. Splitting incident is treated as a special situation in cascading failure propagation. A new simulation platform is built for simulating the protection procedure of ECPSs under faults. The vulnerability of ECPSs under faults is analyzed by experimental results based on IEEE 39-bus system.

Mohammad Ali Sayed,Ribal Atallah,Chadi Assi,Mourad Debbabi

DOI: https://doi.org/10.1016/j.ijepes.2021.107784

2022-05-01

Abstract:The increasing need for reducing greenhouse gas emissions and the drive for green cities have promoted the use of electric vehicles due to their environmental benefits. In fact, countries have set their own targets and are offering incentives for people to purchase EVs as opposed to traditional gasoline-powered cars. Manufacturers have been hastily deploying charging stations to meet the charging requirements of the EVs on the road. This rapid deployment has contributed to the EV ecosystem’s lack of proper security measures. raising multiple questions related to the power grid security and vulnerability. In this paper, we offer a complete examination of the EV ecosystem from the vulnerability to the attacks and finally the solutions. We start by examining the existing vulnerabilities in the EV ecosystem that can be exploited to control the EV charging and launch attacks against the power grid. We then discuss the non-linear nature of the EV charging load and simulate multiple attacks that can be launched against the power grid using these EVs. EV loads have high reactive power demand which can have a larger impact on the grid compared to residential loads. We perform simulations on two power grids and demonstrate that while the grid can recover after a 48 MW attack utilizing traditional residential loads, a smaller 30 MW EV load attack can completely destabilize the system. Finally, we suggest several patches for the existing vulnerabilities and discuss two methods aimed at detecting EV attacks.

engineering, electrical & electronic

Zia Muhammad,Zahid Anwar,Bilal Saleem,Jahanzeb Shahid

DOI: https://doi.org/10.3390/en16031113

IF: 3.2

2023-01-20

Energies

Abstract:With the global energy crisis, increasing demand, and a national-level emphasis on electric vehicles (EVs), numerous innovations are being witnessed throughout the EV industry. EVs are equipped with sensors that maintain a sustainable environment for the betterment of society and enhance human sustainability. However, at the same time, as is the case for any new digital technology, they are susceptible to threats to security and privacy. Recent incidents demonstrate that these sensors have been misused for car and energy theft, financial fraud, data compromise, and have caused severe health and safety problems, amongst other things. To the best of our knowledge, this paper provides a first systematic analysis of EV sustainability, digital technologies that enhance sustainability, their potential cybersecurity threats, and corresponding defense. Firstly, three robust taxonomies have been presented to identify the dangers that can affect long-term sustainability domains, including (1) life and well-being, (2) safe environment, and (3) innovation and development. Second, this research measures the impact of cybersecurity threats on EVs and correspondingly to their sustainability goals. Third, it details the extent to which specific security controls can mitigate these threats, thereby allowing for a smooth transition toward secure and sustainable future smart cities.

energy & fuels

K. Sarieddine,M. A. Sayed,S. Torabi,R. Atallah,C. Assi

DOI: https://doi.org/10.48550/arXiv.2211.10603

2023-02-27

Abstract:In this paper, we study the security posture of the EV charging ecosystem against a new type of remote that exploits vulnerabilities in the EV charging mobile applications as an attack surface. We leverage a combination of static and dynamic analysis techniques to analyze the security of widely used EV charging mobile applications. Our analysis was performed on 31 of the most widely used mobile applications including their interactions with various components such as cloud management systems. The attack, scenarios that exploit these vulnerabilities were verified on a real-time co-simulation test bed. Our discoveries indicate the lack of user/vehicle verification and improper authorization for critical functions, which allow adversaries to remotely hijack charging sessions and launch attacks against the connected critical infrastructure. The attacks were demonstrated using the EVCS mobile applications showing the feasibility and the applicability of our attacks. Indeed, we discuss specific remote attack scenarios and their impact on EV users. More importantly, our analysis results demonstrate the feasibility of leveraging existing vulnerabilities across various EV charging mobile applications to perform wide-scale coordinated remote charging/discharging attacks against the connected critical infrastructure (e.g., power grid), with significant economical and operational implications. Finally, we propose countermeasures to secure the infrastructure and impede adversaries from performing reconnaissance and launching remote attacks using compromised accounts.

Cryptography and Security

Shanthan Kumar Padisala,Shashank Dhananjay Vyas,Satadru Dey

2024-01-25

Abstract:Technological advancements like the Internet of Things (IoT) have facilitated data exchange across various platforms. This data exchange across various platforms has transformed the traditional battery system into a cyber physical system. Such connectivity makes modern cyber physical battery systems vulnerable to cyber threats where a cyber attacker can manipulate sensing and actuation signals to bring the battery system into an unsafe operating condition. Hence, it is essential to build resilience in modern cyber physical battery systems (CPBS) under cyber attacks. The first step of building such resilience is to analyze potential adversarial behavior, that is, how the adversaries can inject attacks into the battery systems. However, it has been found that in this under-explored area of battery cyber physical security, such an adversarial threat model has not been studied in a systematic manner. In this study, we address this gap and explore adversarial attack generation policies based on optimal control framework. The framework is developed by performing theoretical analysis, which is subsequently supported by evaluation with experimental data generated from a commercial battery cell.

Systems and Control

Shah Khalid Khan,Nirajan Shiwakoti,Peter Stasinopoulos,Yilun Chen

DOI: https://doi.org/10.1016/j.aap.2020.105837

Abstract:Modern-day Connected and Autonomous Vehicles (CAVs) with more than 100 million code lines, running up-to a hundred Electronic Control Units (ECUs) will create and exchange digital information with other vehicles and intelligent transport networks. Consequently, ubiquitous internal and external communication (controls, commands, and data) within all CAV-related nodes is inevitably the gatekeeper for the smooth operation. Therefore, it is a primary vulnerable area for cyber-attacks that entails stringent and efficient measures in the form of "cybersecurity". There is a lack of systematic and comprehensive review of the literature on cyber-attacks on the CAVs, respective mitigation strategies, anticipated readiness, and research directions for the future. This study aims to analyse, synthesise, and interpret critical areas for the roll-out and progression of CAVs in combating cyber-attacks. Specifically, we described in a structured way a holistic view of potentially critical avenues, which lies at the heart of CAV cybersecurity research. We synthesise their scope with a particular focus on ensuring effective CAVs deployment and reducing the probability of cyber-attack failures. We present the CAVs communication framework in an integrated form, i.e., from In-Vehicle (IV) communication to Vehicle-to-Vehicle (V2X) communication with a visual flowchart to provide a transparent picture of all the interfaces for potential cyber-attacks. The vulnerability of CAVs by proximity (or physical) access to cyber-attacks is outlined with future recommendations. There is a detailed description of why the orthodox cybersecurity approaches in Cyber-Physical System (CPS) are not adequate to counter cyber-attacks on the CAVs. Further, we synthesised a table with consolidated details of the cyber-attacks on the CAVs, the respective CAV communication system, its impact, and the corresponding mitigation strategies. It is believed that the literature discussed, and the findings reached in this paper are of great value to CAV researchers, technology developers, and decision-makers in shaping and developing a robust CAV-cybersecurity framework.

Roberto Metere,Zoya Pourmirza,Sara Walker,Myriam Neaimeh

DOI: https://doi.org/10.48550/arXiv.2209.07842

2022-09-16

Cryptography and Security

Abstract:Electric vehicles (EVs) are key to alleviate our dependency on fossil fuels. The future smart grid is expected to be populated by millions of EVs equipped with high-demand batteries. To avoid an overload of the (current) electricity grid, expensive upgrades are required. Some of the upgrades can be averted if users of EVs participate to energy balancing mechanisms, for example through bidirectional EV charging. As the proliferation of consumer Internet-connected devices increases, including EV smart charging stations, their security against cyber-attacks and the protection of private data become a growing concern. We need to properly adapt and develop our current technology that must tackle the security challenges in the EV charging infrastructure, which go beyond the traditional technical applications in the domain of energy and transport networks. Security must balance with other desirable qualities such as interoperability, crypto-agility and energy efficiency. Evidence suggests a gap in the current awareness of cyber security in EV charging infrastructures. This paper fills this gap by providing the most comprehensive to date overview of privacy and security challenges To do so, we review communication protocols used in its ecosystem and provide a suggestion of security tools that might be used for future research.

Narayan Bhusal,Mukesh Gautam,Mohammed Benidris

DOI: https://doi.org/10.48550/arXiv.2008.07511

2020-08-18

Abstract:In concept, a smart charging management system (SCMS) optimizes the charging of plug-in vehicles (PEVs) and provides various grid services including voltage control, frequency regulation, peak shaving, renewable energy integration support, spinning reserve, and emergency demand response. These functionalities largely depend upon data collected from various entities such as PEVs, electric vehicle supply equipment (EVSE), service providers, and utilities. SCMS can be susceptible to both cyber and physical threats (e.g. man-in-the-middle attack, data intrigued attack, denial of charging, physical-attack) due to interactions of and interdependencies between cyber and physical components. Cyber-physical threats through highly connected malware vectors raise various concerns including public safety hazards to vehicle operators and those in the immediate vicinity as well as disruptions to electric grid operations. This paper describes the concept of SCMS and provides a comprehensive review of the cybersecurity aspects of EVSEs and SCMSs with their possible impacts on the power grid and society. It also contributes to the development of cybersecurity measures to the SCMSs. Various functions of SCMS are reviewed in detail including peak shaving, demand charge reduction, frequency regulation, spinning reserve, renewable integration support, distribution congestion management, reactive power compensation, and emergency demand response with unidirectional PEVs charging. Also, a critical literature survey on current practices of SCMS cybersecurity is provided to explore major impacts and challenges of cyber-physical attacks and to identify research gaps and vulnerabilities in currently available SCMSs technologies.

Systems and Control

Harshavardhan Palahalli,Marziyeh Hemmati,Giambattista Gruosso

DOI: https://doi.org/10.3390/electronics11121861

IF: 2.9

2022-06-13

Electronics

Abstract:This article presents an optimal distributed energy resource management system for a smart grid connected to photovoltaics, battery energy storage, and an electric vehicle aggregator. These management systems are one of the key factors for the optimal control of power converters connected to the grid. The proposed management system includes the communication architecture necessary for realizing the information flow between the individual control of the distributed generators and the master supervisory control algorithm. The work carried out on two levels is first to design a control strategy for energy management and validate it with the grid in real-time hardware-in-the-loop simulation integrating the IEC61850 communication layer and physical intelligent electronic devices. The second is to analyze the vulnerabilities of the designed methodology for cybersecurity threats explicitly with the extension of IEC61850 to electric vehicle aggregators for communication with the master energy management. A man-in-the-middle attack conducted in the supervisory communication layer enabled us to investigate the effects of such an attack on the performance and operation of the smart electric grid.

engineering, electrical & electronic,computer science, information systems,physics, applied

Samrat Acharya,Hafiz Anwar Ullah Khan,Ramesh Karri,Yury Dvorkin

2023-11-11

Abstract:This paper examines the feasibility of demand-side cyberattacks on power grids launched via internet-connected high-power EV Charging Stations (EVCSs). By distorting power grid frequency and voltage, these attacks can trigger system-wide outages. Our case study focuses on Manhattan, New York, and reveals that such attacks will become feasible by 2030 with increased EV adoption. With a single EVCS company dominating Manhattan, compromising a single EVCS server raises serious power grid security concerns. These attacks can overload power lines and trip over-frequency (OF) protection relays, resulting in a power grid blackout. This study serves as a crucial resource for planning authorities and power grid operators involved in the EV charging infrastructure roll-out, highlighting potential cyberthreats to power grids stemming from high-power EVCSs.

Systems and Control

Samrat Acharya,Yury Dvorkin,Ramesh Karri

DOI: https://doi.org/10.48550/arXiv.1907.08283

2020-02-28

Abstract:High-wattage demand-side appliances such as Plug-in Electric Vehicles (PEVs) are proliferating. As a result, information on the charging patterns of PEVs is becoming accessible via smartphone applications, which aggregate real-time availability and historical usage of public PEV charging stations. Moreover, information on the power grid infrastructure and operations has become increasingly available in technical documents and real-time dashboards of the utilities, affiliates, and the power grid operators. The research question that this study explores is: Can one combine high-wattage demand-side appliances with public information to launch cyberattacks on the power grid? To answer this question and report a proof of concept demonstration, the study scrapes data from public sources for Manhattan, NY using the electric vehicle charging station smartphone application and the power grid data circulated by the US Energy Information Administration, New York Independent System Operator, and the local utility in New York City. It then designs a novel data-driven cyberattack strategy using state-feedback based partial eigenvalue relocation, which targets frequency stability of the power grid. The study establishes that while such an attack is not possible at the current penetration level of PEVs, it will be practical once the number of PEVs increases.

Systems and Control

Manoj Basnet,Mohd. Hasan Ali

DOI: https://doi.org/10.1049/gtd2.12275

2021-08-27

Abstract:The surging usage of electric vehicles (EVs) demand the robust deployment of trustworthy electric vehicle charging station (EVCS) with millisecond range latency and massive machine to machine communications where 5G could act. However, 5G suffers from inherent protocols, hardware, and software vulnerabilities that seriously threaten the communicating entities' cyber-physical security. To overcome these limitations in the EVCS system, this paper analyses the impact of False Data Injection (FDI) and Distributed Denial of Services (DDoS) attacks on the operation of EVCS. This work is an extension of the previously published conference paper about the EVCS. As new features, this paper simulates the FDI attack and the syn flood DDoS attacks on 5G enabled remote Supervisory Control and Data Acquisition (SCADA) system that controls the solar photovoltaics (PV) controller, Battery Energy Storage (BES) controller, and EV controller of the EVCS. The extent of delay has been increased to more than 500 ms with the severe DDoS attack via 5G. The attacks make the EVCS system oscillate or shift the DC operating point. The frequency of oscillation, its damping, and the system's resiliency are found to be related to the attacks' intensity and the target controller. Finally, the novel stacked Long Short-Term Memory (LSTM) based intrusion detection systems (IDS) are proposed solely based on the electrical fingerprint. This model can detect the stealthy cyberattacks that bypass the cyber layer and go unnoticed in the monitoring system with nearly 100% detection accuracy.

engineering, electrical & electronic

Samrat Acharya,Robert Mieth,Charalambos Konstantinou,Ramesh Karri,Yury Dvorkin

DOI: https://doi.org/10.1109/tsg.2021.3133536

IF: 10.275

2022-03-01

IEEE Transactions on Smart Grid

Abstract:Cyberattacks in the energy sector are commonplace. Load-altering cyberattacks launched via the manipulations of high-wattage appliances and assets are particularly alarming, as they are not continuously monitored by electric power utilities. Public Electric Vehicle Charging Stations (EVCSs) are among such high-wattage assets. Even EVCSs monitored by the electric power utilities and protected by state-of-the-art defense mechanisms are vulnerable to cyberattacks. Such cyberattacks cause financial losses to the EVCSs. In this paper, we propose cyber insurance for EVCSs to hedge the economic loss due to such cyberattacks and develop a data-driven cyber insurance design model for public EVCSs. Under mild modeling assumptions, we derive an optimal cyber insurance premium. Then, we ensure the robustness of this optimal premium and investigate the risk of insuring the EVCSs using a suitable risk assessment metric (Conditional Value-at-Risk). A case study with data from EVCSs in Manhattan, New York illustrates our results. Our results demonstrate that risk assessment is crucial for designing insurance premiums. Furthermore, the premium increases in proportion to the loss coverage offered for the EVCSs. This work informs the stakeholders involved in the roll-out and operation of public EVCSs about the benefits of cyber insurance and suggests that insurance premiums can be reduced by deploying state-of-the-art defense mechanisms.

engineering, electrical & electronic

Chaitra Niddodi,Shanny Lin,Sibin Mohan,Hao Zhu

DOI: https://doi.org/10.48550/arXiv.1905.01035

2019-08-05

Abstract:This paper focuses on the secure integration of distributed energy resources (DERs), especially pluggable electric vehicles (EVs), with the power grid. We consider the vehicle-to-grid (V2G) system where EVs are connected to the power grid through an aggregator. In this paper, we propose a novel Cyber-Physical Anomaly Detection Engine that monitors system behavior and detects anomalies almost instantaneously. This detection engine ensures that the critical power grid component (viz.,aggregator)remains secure by monitoring(a)cyber messages for various state changes and data constraints along with (b)power data on the V2G cyber network using power measurements from sensors on the physical/power distribution network. Since the V2G system is time-sensitive, the anomaly detection engine also monitors the timing requirements of the protocol messages to enhance the safety of the aggregator. To the best of our knowledge, this is the first piece of work that combines(a)the EV charging/discharging protocols, the(b)cyber network and(c)power measurements from physical network to detect intrusions in the EV to power grid system.

Systems and Control