
AN ENHANCED PUBLIC KEY INFRASTRUCTURE TO SECURE SMART GRID WIRELESS COMMUNICATION NETWORKS

ABSTRACT

The Smart Grid is an electrical power infrastructure that makes intelligent decisions about the state of the electrical power system to maintain a stable environment. It is expected that the smart grid will radically add new functionalities to legacy electrical power systems. However, we believe that this will in turn introduce many new security risks. The smart grid's backbone communication network and its sub-networks present scenarios in which these sub-networks become vulnerable to attack. Ensuring security in these networks is challenging because most devices are resource constrained. In addition, the different protocols used in these networks each bring their own set of security requirements. In this article, the security requirements of smart grid communication networks are first identified. Public key infrastructure (PKI) is a viable solution, but it has difficulty satisfying the requirements of availability, privacy preservation, and scalability. To complement the functions of PKI, we introduce some novel mechanisms so that those security requirements can be met. In particular, we propose a mechanism to efficiently resist Denial-of-Service (DoS) attacks, and offer some suggestions for security protocol design for different application categories.
CHAPTER 1

INTRODUCTION

The Smart Grid is an electrical power infrastructure that makes intelligent decisions about the state of the electrical power system to maintain a stable environment. The easiest way to describe the Smart Grid is by its characteristics. The Smart Grid is an upgrade to the current electrical power system, so it has all of the functionality of our current power system plus several new functionalities:

• Self-healing
• Motivates and includes the consumer
• Resists attack
• Increases power quality
• Accommodates all generation and storage options
• Enables electrical markets
• Optimizes assets and operates efficiently

The Smart Grid will be self-healing. This means that it
can redirect and adjust the electricity in the event that an electrical transmission path is
interrupted. This is done by a continuous self-assessment of the state of the power system. As a
result, this can reduce the frequency and duration of major blackouts. It is estimated that the
August 14, 2003 blackout in the U.S. and Canada had a societal cost of $10 billion. Reducing the
number of major blackouts and their severity will reduce the economic losses our society incurs
during these blackouts. The Smart Grid will motivate and include the customer. There is currently minimal interaction between customers and suppliers in the electrical power system. The Smart Grid provides customers with more information and options about their electrical power. In theory this will allow customers to make better decisions about their power usage that will not only save them money, but will also promote competition between power suppliers. This is done by enabling two-way communication between energy consumers and suppliers. The Smart Grid can also interact with electrical appliances in a customer's home. This interaction allows appliances to schedule their run time for when electricity is at its cheapest price.
The Smart Grid will be resilient to attacks and natural disasters. It will be resilient not only to physical attacks but also to cyber attacks. The electrical power grid is a complicated system that is at the root of most U.S. economic growth. This makes the electrical power grid a critical asset, and damage to it can have devastating effects on our society's welfare. Parallels are drawn between the electrical power grid and the Roman aqueduct system. Over time the Roman aqueducts underwent design changes. As the Roman Empire grew, the level of perceived threat lowered. This led to design changes that were less concerned with security and more with form and functionality. Then, towards the end of the Roman Empire, these aqueducts became easy military targets for invading forces because of those design changes. Attacks against Roman aqueducts had major social impacts because they had become a critical system that the Romans depended on. The electrical power system is a critical asset that we rely on, and it needs to be resilient to all forms of attack.

Fig. 1. Smart grid conceptual model

The Smart Grid will provide an increase in electrical power quality. Electricity is not only
required to be available at all times from the power grid, but it must also maintain a constant
voltage. Some manufacturing processes are very sensitive to voltage variations. A dip in voltage
lasting less than 100 milliseconds can have the same effect as power loss for several minutes or
more on some industrial processes. These voltage fluctuations are estimated to cause productivity losses in commercial facilities ranging from thousands to millions of dollars per event. It is estimated that by 2011, 16% of the electrical load will require digital quality power.
The Smart Grid will accommodate all available generation and storage options. The integration of renewable energy sources into the electric power grid has several complications. The current electric power grid is a broadcast model designed to allow only the one-way flow of electricity from a single generation source to many consumers. Renewable energy sources are often geographically separated from traditional power sources, and when they are integrated into the power grid it is as distributed power sources. Since the electrical power grid was designed for a single power source and not for multiple distributed power sources, this causes complications. Germany has already experienced such problems in its electrical power grid: customers using solar panels could overload the electrical power system when surges of power came from the solar panels. Fossil fuels are not a sustainable energy source, and as a result new alternative power sources will be explored.
The Smart Grid will be able to support these new energy sources along with the traditional power
sources. The Smart Grid will enable electrical markets. Electrical markets in the Smart Grid will
encourage competition among power suppliers. This competition will promote power suppliers
to develop cheaper and more efficient means of power generation. This will drive down the
prices of electrical power for customers as suppliers compete for their business. The Smart Grid
will also support distributed power sources. This opens the door for new electrical power
suppliers and electrical service providers to enter the electrical market. The electrical market will
broadcast current electricity prices based on a supply-demand model. Electricity will be more
expensive when the load or demand is high, and it will be cheaper when there is surplus
electricity. Customers can use this information to schedule tasks that use large amounts of
electricity at a time when electricity is cheaper. The Smart Grid will optimize assets and operate
efficiently. The features that will make the Smart Grid self-healing can also be used for asset
management. The Smart Grid will be able to automatically assess equipment condition and
manage equipment configuration.
This management automation can be done at substantially lower cost compared to manual management. The automation of equipment management will also reduce the chance of equipment failure, since the degradation of equipment can be tracked. The Smart Grid will also incorporate new technologies that reduce energy loss during electrical transit. This reduction in energy loss will increase the electrical power grid's efficiency by eliminating excess power waste.
Smart Grid Cyber Security Risks
The Smart Grid is going to add new functionality to the current electrical power system.
However, it will also introduce several new security risks into the system. We rely on the
electrical power grid for electricity, and our dependence on electricity makes the electrical power
grid a critical asset. Disruption of the electrical power supply will have large societal impacts.
The security of the electrical power grid is an important issue. The Smart Grid will introduce
several new security risks related to its communication requirements, system automation, new
technologies, and data collection.
The backbone of the Smart Grid will be its network. This network will connect the different
components of the Smart Grid together, and allow two-way communication between them. Net-
working the components together will introduce security risks into the system, but it is required
to implement many of the main functionalities of the Smart Grid. Networking the different com-
ponents together will increase the complexity of the electrical power grid, which will then
increase the number of opportunities for new security vulnerabilities. Also, the number of entry
points that can be used to gain access to the electrical power system will increase when all of the
components are networked together.
The Smart Grid will use the data transported by the electrical power grid network and software to maintain the power system automatically. Relying on the power grid network to transport system information introduces security risks. Some of the components require real-time data, and latency or data loss can have adverse effects on the electrical power grid. The software managing the system state is also at risk from malicious code that can alter its functionality. A disruption to communications or to the state management software can lead to loss of power or, in extreme cases, injury or loss of life.
Networking the different components of the electrical power system together is going to require
that different technologies interact with each other. This interaction between different
technologies will introduce new security risks. The Smart Grid will have to support legacy
systems. Legacy systems typically do not implement newer security features that modernized
systems have, and a system is only as secure as its weakest link. In addition, the new
technologies that are being used in the Smart Grid may have security vulnerabilities in them that
can be exploited. The Smart Grid will be collecting more data than the current electrical power
system. It is estimated that there will be a data increase of an order of magnitude. This increase
in data collection can have possible security privacy issues. The Smart Grid will also be
collecting new types of information that were not recorded in the past, and this can lead to more
privacy issues.
New capabilities for smart grid systems and networks, such as distributed intelligence and
broadband capabilities, can greatly enhance efficiency and reliability, but they may also create
many new vulnerabilities if not deployed with the appropriate security controls. Providing
security for such a large system may seem an unfathomable task, and if done incorrectly, can
leave utilities open to cyber attacks. By building on knowledge, solutions, and standards from
other systems and industries, the best security solutions can be utilized for each portion of the
smart grid communications network. Clearly, Internet-based protocols, such as IPv4 and IPv6,
which have been developed over many years, and which have widespread use, will provide a
cost-effective baseline transport. Layering the suite of security protocols developed for IP [such as IPsec and Transport Layer Security (TLS)] on this baseline transport capitalizes on the vast work done in this area by protocol and industry experts.
While the smart grid system is made up of a number of “energy subsystems,” many of the communications and security components, as listed below, are common between these energy subsystems. One subsystem which is at the core of smart grid systems is the Supervisory Control And Data Acquisition (SCADA) solution.
Multiple vendors offer SCADA solutions, which have varying capabilities and security
mechanisms. While some standards exist around SCADA, such as Distributed Network Protocol
3 (DNP3), Generic Object Oriented Substations Events (GOOSE), IEC 61850, and IEC 60870-5,
there is still a need to make more consistent the security solutions applied to SCADA
deployments.
A second component key to smart grid systems is a number of secure, highly available wireless networks. These would include wide-area land mobile radio (LMR) systems as well as broadband networks such as WLAN and WiMAX. A third key element is a comprehensive security solution. This paper presents a security solution for the smart grid which heavily leverages public key infrastructure (PKI) technology and trusted computing techniques. When the legacy power infrastructure is augmented by a communication infrastructure, it becomes a smart grid. This additional communication infrastructure facilitates the exchange of state and control information among different components of the power infrastructure. As a result, the power grid can operate more reliably and efficiently.
Although deploying the smart grid enjoys enormous social, environmental and technical benefits,
the incorporation of information and communication technologies into the power infrastructure
will introduce many security challenges. For example, it is estimated that the data to be collected
by the smart grid will be an order of magnitude more than that of existing electrical power
systems. This increase in data collection can possibly introduce security and privacy risks.
Moreover, the smart grid will be collecting new types of information that were not recorded in
the past, and this can lead to more privacy issues.
An essential part of the smart grid will be its communication networks. This is a three-tier
network which connects the different components of the smart grid together, and allows two-way
information flow. The first tier connects the transmission system located at the power plant
and the control centers of Neighborhood Area Network (NAN). Each NAN comprises a number
of Building Area Networks (BANs) and provides them interfaces to the utility’s wide-area
network. Here, BANs are customer networks and belong to the second tier of the shown system.
Each BAN consists of a number of third-tier networks, Home Area Network (HANs). The HAN
is a customer premises network which manages the on-demand power requirements of end users.
Note that there is no standard definition of these networks yet. The structures described above feature a practical configuration that can be found in established smart grids. While networking the different components of the smart grid's power infrastructure together lets them exchange information, it also potentially increases the security risk of the system. For example, it increases the complexity of the electrical power grid, which in turn can introduce new security vulnerabilities. Also, the number of entry points that can be used to gain access to the electrical power system increases when all of the components are networked together.
In the remainder of this article, we mainly focus on the security of the wireless communication sub-networks of the smart grid. Security on wired links can be achieved by existing techniques such as firewalls, virtual private networks, Secure Shell, or other higher-layer security mechanisms. However, securing the wireless communication networks of the smart grid is still considered a big challenge compared to their wired counterparts.
Due to their dynamically changing topologies and the open nature of the communication
medium, wireless communication networks are vulnerable to attacks that are easier to launch
than in the wired domain. In addition, many of the already used protocols use their own sets of
security requirements. Another issue is that legacy devices with constraints (e.g., limited CPU
processing power, transmission rate, storage, etc.) are still deployed in the smart grid.
In this article, we first identify the requirements for securing smart grid wireless communication networks, and argue that public key infrastructure (PKI) is a promising solution. At the same time, we also point out some limitations of PKI in securing smart grids. We then introduce a set of novel mechanisms to mitigate the limitations of PKI. In particular, since DoS attacks have severe consequences for availability, which is the most important security objective of smart grids, we propose a mechanism to efficiently resist DoS attacks launched both by outside adversaries and by legitimate insiders. Also, some suggestions for the security protocol design of different application categories are presented.
CHAPTER 2

LITERATURE SURVEY

1) Y.-J. Kim et al., “A Secure Decentralized Data-Centric Information Infrastructure for Smart Grid,” IEEE Commun. Mag., vol. 48, no. 11, 2010, pp. 58–65.
The power grid has been undergoing transformative changes due to the greater penetration of
renewable energy sources and increased focus on power demand shaping. These innovative
transformations on the grid require a flexible IP-based communication grid that is reliable and
secure. In this article we describe an IP-based decentralized and data-centric information
infrastructure that can reliably, securely, and cost-effectively support the operation and
innovative applications of the next generation grid. The proposed infrastructure differs from a
typical distributed system since it addresses the specific requirements of power applications such
as security, distributed data sources, latency sensitive data transactions and real time event
updates. The work presented here paves the way for a future data-centric power network infrastructure. The authors propose a secure middleware architecture that leverages these features and can support the operation of the power grid reliably, efficiently, and scalably by eliminating bottleneck failure points. The information infrastructure presented here differs from a typical distributed system due to traits that are characteristic of power grid applications, such as the coexistence of both LAN and WAN systems, strict requirements on both latency and reliability, and a combination of both data and event transactions.

2) J. Liu et al., “Cyber Security and Privacy Issues in Smart Grids,” IEEE Commun. Surveys Tuts., vol. 14, no. 4, 2012, pp. 981–97.
Cyber security in the Smart Grid is a new area of research that has attracted rapidly growing attention in government, industry and academia. In this paper, we presented a comprehensive survey of security issues in the Smart Grid. We introduced the communication architecture
and security requirements, analyzed security vulnerabilities through case studies, and discussed
attack prevention and defense approaches in the Smart Grid. We also summarized the design of
secure network protocols to achieve efficient and secure information delivery in the Smart Grid.
As we have reviewed, cyber security is still under development in the Smart Grid, especially
because information security must be taken into account with electrical power systems. Features
of the Smart Grid communication network, such as heterogeneous devices and network
architecture, delay constraints on different time scales, scalability, and diversified capabilities of
embedded devices, make it indeed impractical to uniformly deploy strong security approaches all
over the Smart Grid.

3)V.C. Gungor, B. Lu, and G.P. Hancke, “Opportunities and Challenges of Wireless Sensor
Networks in Smart Grid,” IEEE Trans. Ind. Electron., vol. 57, no. 10, Oct. 2010, pp. 3557–
64.
The collaborative and low-cost nature of wireless sensor networks (WSNs) brings significant
advantages over traditional communication technologies used in today’s electric power systems.
Recently, WSNs have been widely recognized as a promising technology that can enhance
various aspects of today’s electric power systems, including generation, delivery, and utilization,
making them a vital component of the next-generation electric power system, the smart grid.
However, harsh and complex electric-power-system environments pose great challenges in the
reliability of WSN communications in smart-grid applications. This paper starts with an
overview of the application of WSNs for electric power systems along with their opportunities
and challenges and opens up future work in many unexploited research areas in diverse smart-
grid applications. Then, it presents a comprehensive experimental study on the statistical
characterization of the wireless channel in different electric-power-system environments,
including a 500-kV substation, an industrial power control room, and an underground network
transformer vault. Field tests have been performed on IEEE 802.15.4-compliant wireless sensor
nodes in real-world power delivery and distribution systems to measure background noise,
channel characteristics, and attenuation in the 2.4-GHz frequency band. Overall, the empirical
measurements and experimental results provide valuable insights about IEEE 802.15.4-
compliant sensor network platforms and guide design decisions and tradeoffs for WSN-based
smart-grid applications.
4) Y. Fan et al., “Network Coding based Privacy Preservation Against Traffic Analysis
in Multi-Hop Wireless Networks,” IEEE Trans. Wireless Commun., vol. 10, no. 3, 2011, pp.
834–43.
Traffic analysis presents a serious threat to wireless network privacy due to the open nature of the wireless medium. In a multi-hop wireless network (MWN), the mobile nodes relay others' packets to enable new applications and enhance network deployment and performance. The privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis can be easily launched by a malicious adversary due to the open-air transmission. Network coding has the potential to thwart traffic analysis attacks since the coding/mixing operation is encouraged at intermediate nodes. In this paper we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. Network coding allows intermediate nodes to perform computation on input messages, making the output messages a mixture of the input ones. Whenever there is a transmission opportunity on an outgoing link, an outgoing packet is formed by taking a random combination of the packets in the current buffer. Packet tagging and buffering are key for practical network coding. In practical network coding, source information is divided into blocks with h packets in each block. All coded packets related to the kth block belong to generation k, and random coding is only performed among the packets in the same generation. Packets within a generation need to be synchronized by buffering for the purpose of network coding at intermediate nodes.

5) D. P. Varodayan and G.X. Gao, “Redundant Metering for Integrity with Information-
Theoretic Confidentiality,” Proc. IEEE SmartGridComm, Oct. 2010, pp. 345–49.
Redundant metering is frequently used to verify the integrity of billing data reported by advanced
metering infrastructure, but the redundant measurement introduces a potential confidentiality
leak. We propose a way to encode the redundant measurement at a bit rate below its entropy, so
that it cannot be decoded from the encoded bits alone. In this way, we guarantee information-
theoretic confidentiality, regardless of the computational power of an eavesdropper. We provide
practical Slepian-Wolf codes to realize security of up to 5 bit/sample for 8-bit samples based on
actual power metering experiments.
6)A. Liu and P. Ning, “TinyECC: A Configurable Library for Elliptic Curve Cryptography
in Wireless Sensor Networks,” Proc. IPSN, 2008, pp. 245–56.
Public Key Cryptography (PKC) has been the enabling technology underlying many security
services and protocols in traditional networks such as the Internet. In the context of wireless
sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is
being investigated to provide PKC support in sensor network applications so that the existing
PKC-based solutions can be exploited. This paper presents the design, implementation, and
evaluation of TinyECC, a configurable library for ECC operations in wireless sensor networks.
The primary objective of TinyECC is to provide a ready-to-use, publicly available software
package for ECC-based PKC operations that can be flexibly configured and integrated into
sensor network applications. TinyECC provides a number of optimization switches, which can
turn specific optimizations on or off based on developers’ needs. Different combinations of the
optimizations have different execution time and resource consumptions, giving developers great
flexibility in integrating TinyECC into sensor network applications. This paper also reports the
experimental evaluation of TinyECC on several common sensor platforms, including MICAz,
Tmote Sky, and Imote2. The evaluation results show the impacts of individual optimizations on
the execution time and resource consumptions, and give the most computationally efficient and
the most storage efficient configuration of TinyECC.

7)T. Baumeister, “Literature Review on Smart Grid Cyber Security,” Technical Report,
University of Hawaii, 2010.
The current U.S. electrical power grid is an out-of-date infrastructure, and the Smart Grid is
an upgrade that will add many new functionalities to meet customers' new power requirements.
Updating a system as complex as the electrical power grid has the potential of introducing new
security vulnerabilities into the system. This document presents a review of the work related to
Smart Grid cyber security. The work reviewed is separated into five categories that make up different components of the Smart Grid: Process Control System
(PCS) Security, Smart Meter Security, Power System State Estimation Security, Smart Grid
Communication Protocol Security, and Smart Grid Simulation for Security Analysis. The Smart
Grid is a large complex system, and it still requires a lot of cyber security design work.
CHAPTER 3

SYSTEM ANALYSIS

EXISTING SYSTEM

Kim et al. propose a secure middleware architecture that leverages these features and can support the operation of the power grid reliably, efficiently, and scalably by eliminating bottleneck failure points. The information infrastructure presented there differs from a typical distributed system due to traits that are characteristic of power grid applications, such as the coexistence of both LAN and WAN systems, strict requirements on both latency and reliability, and a combination of both data and event transactions.
The Smart Grid, generally referred to as the next-generation power system, is considered as
a revolutionary and evolutionary regime of existing power grids. More importantly, with the
integration of advanced computing and communication technologies, the Smart Grid is expected
to greatly enhance efficiency and reliability of future power systems with renewable energy
resources, as well as distributed intelligence and demand response.
Along with the salient features of the Smart Grid, cyber security emerges to be a critical issue
because millions of electronic devices are inter-connected via communication networks
throughout critical power facilities, which has an immediate impact on reliability of such a
widespread infrastructure. In this paper, we present a comprehensive survey of cyber security
issues for the Smart Grid. Specifically, we focus on reviewing and discussing security
requirements, network vulnerabilities, attack countermeasures, secure communication protocols
and architectures in the Smart Grid. We aim to provide a deep understanding of security
vulnerabilities and solutions in the Smart Grid and shed light on future research directions for
Smart Grid security.
The smart grid is characterized by the two-way flow of electric power and information. For the
information flow implementation and support, several wireless communication technologies and
standards are being considered. Although there is no doubt that using wireless communications
offers significant benefits over wired connections, the wireless technology introduces additional
vulnerability in terms of network security. This work addresses physical layer security, a topic
that has been hardly investigated in the smart grid domain. To understand new types of threats,
we review fundamentals of wireless communication and examine physical attack models in
depth. As a promising solution to physical security, we describe a random spread-spectrum based
wireless communication scheme that can achieve both fast and robust data transmission. We
expect that the work presented here will advance the research on wireless smart grid security.
A statistical characterization of the wireless channel in different electric-power-system
environments has been presented. Field tests have been performed on IEEE 802.15.4-compliant
sensor nodes (using CC2420 radio chips) in a 500-kV substation, a main power control room, as
well as an underground network transformer vault to measure background noise, channel
characteristics, and attenuation in the 2.4-GHz frequency band. Various communication links,
including both LOS and NLOS scenarios, are also considered.
Traffic analysis presents a serious threat to wireless network privacy due to the open nature of the wireless medium. In a multi-hop wireless network (MWN), the mobile nodes relay others' packets to enable new applications and enhance network deployment and performance. The privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis can be easily launched by a malicious adversary due to the open-air transmission. Network coding has the potential to thwart traffic analysis attacks since the coding/mixing operation is encouraged at intermediate nodes. Homomorphic Encryption Functions (HEFs) have the property of homomorphism, which means that operations on plaintexts can be performed by operating on the corresponding ciphertexts.
PROPOSED SYSTEM

Based on the security requirements for smart grid, as well as the scale of the system and
availability required, we believe utilizing public key infrastructure (PKI) technologies along with
trusted computing elements, supported by other architectural components, is the best overall
solution for smart grid. We believe that the most effective key management solution for securing
the smart grid will be based on PKI technologies.
PKI is more than just the hardware and software in the system. It also includes the policies and
procedures which describe the set up, management, updating, and revocation of the certificates
that are at the heart of PKI.
A PKI binds public keys with user identities through use of digital certificates. The binding is
established through a registration process, where after a registration authority (RA) assures the
correctness of the binding, the certificate authority (CA) issues the certificate to the user. Users
or devices can authenticate each other via the digital certificates, establish symmetric session
keys, and subsequently encrypt and decrypt messages between each other.
The certificate subject, desiring communication with a secure resource [aka relying party (RP)]
begins by sending a certificate signing request (CSR) to the RA. The RA performs a vetting
function which determines if the requested bindings are correct, and if so signs the CSR and
forwards it to the CA, which then issues the certificate. Later when the certificate subject wishes
to access a secure resource, it sends the certificate to the RP. The RP validates the certificate
typically by requesting the certificate status from a validation authority (VA), who replies in the
positive if the certificate is valid.

PKI allows for a chain of trust, where a first CA extends trust to a second CA simply by issuing a CA certificate to the second CA. This enables RPs that trust the first CA to also trust subjects with certificates issued by the second CA. When two CAs issue each other certificates it is referred to as cross-signing. In this way, the CAs of one organization can extend trust to the CAs of other organizations, thus enabling secure interoperability across domains. CA certificates can contain various constraints (for example, basic constraints with a path length limit, or name constraints restricting the names the subordinate CA may certify) to limit the trust being extended by the issuing CA to the subject CA.
In very large systems, PKI can be significantly more efficient than shared keys in terms of
setting up and maintaining operational credentials, because each entity needs to be configured
only with its own certificate. By contrast, with symmetric-key provisioning each device may need
to be configured with a unique key for every secure link. While PKI is known for being complex,
many of the items responsible for that complexity can be significantly reduced by including the
following four main technical elements:
• PKI standards;
• Automated trust anchor security;
• Certificate attributes;
• Smart grid PKI tools.
Standards are used to establish requirements on the security operations of energy service
providers (e.g., utilities, generators, Independent System Operators (ISOs), etc.) as well as smart
grid device manufacturers. Standards will include such items as acceptable security policies (e.g.,
PKI certificate policies used for issuing each type of certificate in the system), certificate
formats, and PKI practices.
Trust anchor security is the basis for all subsequent trust relationships. But often trust anchor
management mechanisms are as simple as trusting the IT administrators to install the correct
certificate for the root CA in all RP devices, with little or no means of efficiently verifying the
correctness of this operation. For systems with thousands or hundreds of thousands of nodes, an
efficient and comprehensive trust anchor management system is needed.
Certificate attributes are an important component of achieving the high availability needed
for the power grid. We need to ensure that incorporating security and device authentication
does not unnecessarily cause or extend service outages because a security server (e.g., an AAA
server) is unreachable. This is why entities must “carry” their complete credential with them,
either in the form of an attribute certificate or as a certificate that contains sufficiently detailed
policy information to allow an RP to determine whether the certificate holder is entitled to a given
service.
PKI tools are needed to ease the process of managing the PKI components used to support the
smart grid application. These tools will be knowledgeable of the appropriate smart grid
certificate policy and certificate format standards, and will be used to programmatically enforce
compliance to those standards. Such tools will enhance interoperability, reduce the burden of
running the PKI, and ensure that appropriate security requirements are adhered to.
With these elements in place, it will be possible for a smart grid owner or operator to purchase
equipment, such as remote terminal units (RTUs), intelligent electronic devices (IEDs), and
various forms of communication equipment, from an accredited manufacturer, install these
components into their fielded system, and establish high-assurance security associations (SAs)
with these devices without having to preload shared keys into them. Such mechanisms will
provide highly secure key and trust management in an affordable manner. We therefore believe
that only by including these PKI elements in an overall security architecture can a comprehensive
and cost-effective solution for securing the smart grid be achieved.
Securing Smart Grid Communication Networks
Figure 2. Considered smart grid communication networks and security threats

The security threats that can be encountered by the smart grid are diverse. They are either
passive attacks, such as eavesdropping and traffic analysis, or active attacks, such as replay and
DoS attacks. Passive attacks attempt to access the information exchanged within a network,
while active attacks disrupt the normal functionality of a network. Essentially, these
attacks give rise to the most basic security service requirements in the smart grid: availability,
efficiency, scalability, entity authentication, data integrity protection, non-repudiation, privacy
preservation, and confidentiality. The system-level security requirements are as follows.
Availability: Because electricity must always be available, it is important that any security
mechanism implemented in the smart grid does not impede power availability or safety. In the
network security field, availability means that secure communication service should be available
even when there are attacks such as DoS attacks. For example, when a smart meter authenticates
other devices or smart meters, the authentication process itself can attract attacks from
distributed DoS attackers.
High efficiency and scalability: Depending on where a mechanism will be employed, the
smart grid has various real-time requirements that rely on high efficiency. The common use of
resource-constrained devices and networks adds to this need. For example, it is envisioned that
wireless sensor networks (WSNs) will also be integrated into the smart grid to optimize different
functions of the power infrastructure such as power generation and delivery. These networks
have limited bandwidth, and their sensor nodes have limited computation and energy resources.
Also, scalability is important because of the large number of devices in the smart grid and the
increasing number of interactions between grid entities. The protocol-level security
requirements are as follows.
Entity authentication and data integrity protection: Entity authentication ensures that the
communicating entities are legitimate, while integrity protection ensures that received data has
not been altered during transmission and is not replayed data. In particular, in NANs, once this
requirement is met, some attacks such as NAN gateway spoofing, replay and modification
attacks can be resisted.
Non-repudiation: This prevents legitimate entities from denying the transmission of their
messages and the corresponding contents. When there are third-party service providers in the smart
grid, non-repudiation must be satisfied in order to prevent someone from denying a particular
action that he or she has performed, e.g., subscribing to a certain service.
Privacy preservation: The data that the smart grid is collecting and generating has raised three
different privacy-related issues.
• Conditional identity privacy preservation: Smart grid consumers will expect a certain level of
anonymity relative to what they have with the existing electrical power grid. At the same time,
the smart grid is such a critical structure that in some cases complete anonymity may not be
desirable. Law enforcement authorities (e.g., local police offices) will need to be able to track
consumers who attack the smart grid, but it should not be easy for any other party to break the data
anonymity. An example of conditional privacy preservation is concealment of the identity
information of a smart meter (e.g., the owner’s name, the address, etc.).
• Complete identity privacy preservation: Much of the data in the smart grid does not need to be
attributed to a specific sender (e.g., a specific consumer). In this case, data should be sent
anonymously without violating data integrity constraints. In other words, no one other than the
sender, including insiders of the trust authority (or law authority), should be able to identify
the sender of a message or to link different messages belonging to the same sender, even though the
sender is unknown.
• Privacy preservation against traffic analysis: Some advanced attacks, e.g., traffic analysis and
flow tracing, can compromise the privacy of consumers by violating source anonymity and traffic
secrecy. Privacy preservation via general data encryption mainly focuses on how to encrypt a
communication message. In contrast, traffic analysis is the process of examining the
characteristics of network traffic, such as message length, frequency or other patterns, to extract
useful information. Therefore, even if operational information were encrypted, traffic analysis
could provide an adversary with enough information about the operational situation to enable more
sophisticated timing of physical or cyber attacks.
Confidentiality: Data encryption protects the sensitive transmitted data from passive attacks,
such as eavesdropping. Clearly, the protocol-level security objectives depend on which
components are communicating, and what data they are exchanging.
Fig. 3. Basic PKI procedure

Employing PKI to Secure Smart Grid Communication

In this subsection, we argue that PKI is a potential mechanism for securing smart grid
communication, as it can meet most security requirements of smart grid communication networks.
Security requirements of entity authentication and non-repudiation can be satisfied by employing
digital signatures. A PKI binds the public keys and the entities’ identities through the use of
digital certificates. The binding is established through a registration process, and after a trust
authority (TA) (consisting of the registration authority, certificate authority and validation
authority) assures the correctness of the binding, the TA issues the certificate to the entity. Since
the public key of each entity is made available to all other entities in the network, entity
authentication can be achieved.
Distributed TAs
All smart grid entities should be divided into groups. The entities in the same group have the
same TA. PKI allows for a chain of trust, where the TA (called the root TA) gives an entity
(called the second-level TA) a TA-certificate, which specifies the privileges and public key of that
entity. Thus, a second-level TA has the capability to act as the TA of its group. Also, for
efficiency and scalability, the entities in a group can be further divided into
multiple sub-groups. Similarly, the entities in the same sub-group have the same responsible TA.
Each TA is responsible for maintaining (e.g., distributing and updating) public key certificates
for its group members. The root TA (e.g., the power plant or the local police office) distributes a
TA-certificate to the control center of each NAN. Similarly, as a second-level TA, the control
center of a BAN (respectively, a NAN) distributes a TA-certificate to each HAN gateway
(respectively, to the control center of each BAN).
Distributed TAs eliminate single points of failure and relieve the performance bottleneck of a
single TA in the traditional PKI. Another example is that, referring to Fig. 3, each consumer
can act as the TA for the redundant smart meters at his or her residence.
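The following Go program is an added example, not code from this report or from any project it describes. It models, with only the standard library's crypto/x509, the chain of trust described in the basic PKI procedure above (CA issuance, RP validation) and in this Distributed TAs subsection: a root TA issues a TA-certificate to a second-level TA, which in turn registers a smart meter, and a relying party that trusts only the root TA performs the two-step authentication (certificate verification, then signature verification) that the report's Availability discussion refers to. The names "Root TA", "NAN control center", "Third-level TA", "Rogue TA" and "smart-meter-1", the ECDSA P-256 keys and the sample meter reading are all constructed for this example; the path-length constraint of 0 on the second-level TA-certificate is one instance of the constraints a CA-certificate can carry. The RA vetting step and the VA status (revocation) check are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Names such as "Root TA" and the sample reading below are constructed for this example.
var sample = []byte("constructed sample reading: 12.7 kWh")

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return k
}

// issue is the CA step: issuerKey signs a certificate binding cn to pub. isCA marks a TA and
// maxPath its path-length constraint (0 = may not issue further TA-certificates, <0 = none).
func issue(cn string, isCA bool, maxPath int, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
		if maxPath >= 0 {
			t.MaxPathLen, t.MaxPathLenZero = maxPath, maxPath == 0
		}
	}
	if parent == nil { // self-signed: a trust anchor
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, issuerKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

type meter struct{ cert *x509.Certificate; key *ecdsa.PrivateKey }

// register issues the end-entity certificate "smart-meter-1" under the given TA.
func register(ta *x509.Certificate, taKey *ecdsa.PrivateKey) meter {
	k := newKey()
	return meter{issue("smart-meter-1", false, -1, ta, &k.PublicKey, taKey), k}
}

// exchange: the meter signs the reading; the relying party, which trusts only the root TA,
// verifies the certificate chain first and then the signature under the certified key.
func exchange(root *x509.Certificate, intermediates []*x509.Certificate, m meter) error {
	h := sha256.Sum256(sample)
	sig, err := ecdsa.SignASN1(rand.Reader, m.key, h[:])
	must(err)
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := m.cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate verification failed: %w", err)
	}
	if err := m.cert.CheckSignature(x509.ECDSAWithSHA256, sample, sig); err != nil {
		return fmt.Errorf("signature verification failed: %w", err)
	}
	return nil
}

// Scenarios builds root TA -> second-level TA (path length 0) and returns the RP's verdict for a meter
// registered with the second-level TA (nil), with a rogue TA outside the chain of trust (error), and
// with a third-level TA that the path-length constraint forbids (error).
func Scenarios() (valid, untrusted, pathLen error) {
	rootKey, subKey, rogueKey, thirdKey := newKey(), newKey(), newKey(), newKey()
	root := issue("Root TA", true, -1, nil, &rootKey.PublicKey, rootKey)
	sub := issue("NAN control center", true, 0, root, &subKey.PublicKey, rootKey)
	rogue := issue("Rogue TA", true, -1, nil, &rogueKey.PublicKey, rogueKey)
	third := issue("Third-level TA", true, -1, sub, &thirdKey.PublicKey, subKey)
	valid = exchange(root, []*x509.Certificate{sub}, register(sub, subKey))
	untrusted = exchange(root, []*x509.Certificate{sub, rogue}, register(rogue, rogueKey))
	pathLen = exchange(root, []*x509.Certificate{sub, third}, register(third, thirdKey))
	return valid, untrusted, pathLen
}

func main() {
	fmt.Println(Scenarios())
}
```

The second and third scenarios fail for different reasons: the rogue TA's certificates are internally consistent but no chain reaches the trusted root, whereas the third-level TA's certificate is correctly signed by the second-level TA, and it is the second-level TA-certificate's own path-length constraint that stops the RP from accepting the longer chain.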
Privacy Preservation
Conditional identity privacy preservation: To resolve the efficiency problem of one-time
anonymous certificates described earlier, we have proposed achieving conditional identity privacy
preservation by using a group signature technique, where an entity signs an outgoing message
and then transmits the message with the signature to another entity through a group signature
algorithm. In a group signature scheme, any member of the group can sign a message. The
receiver of the message can only verify whether the message was generated by a group member.
Meanwhile, only the group manager can open a group signature to unambiguously reveal the
identity of the signer. Thus, unlike the anonymous certificate method, only the group
public key needs to be preloaded into each entity. So, the proposed method is applicable to
storage-constrained entities.
Complete identity privacy preservation: A ring signature technique can be used to achieve
complete user identity privacy preservation. Suppose that, with the use of PKI, the entities in a
group have public/private key pairs (PK1, SK1), (PK2, SK2), …, (PKn, SKn). Entity i can
compute a ring signature s on an outgoing message m, on input (m, SKi, PK1, …, PKn), and then
transmit {m, s} to another entity. Anyone can check the validity of a ring signature given m, s,
and the public keys involved, PK1, …, PKn. Similar to a group signature, a ring signature protects
the anonymity of the signer, since the receiver of a message can only verify whether the message was
signed by a member of the ring. However, it is impossible to revoke signer anonymity in a ring
signature. At the same time, the proposed approach does not violate data integrity constraints.
Privacy preservation against traffic analysis: The scheme proposed in can be used to defend
against traffic analysis in multi-hop wireless networks. Based on homomorphic encryption on
global encoding vectors, it can achieve packet flow untraceability and message content
confidentiality.
Here, consider a smart meter as an example to illustrate how these techniques are actually used
to preserve privacy. Smart metering is necessarily privacy-invasive, and a balance needs to be
struck between privacy and the social utility of fine-grained billing. For billing purposes, the
metering data are typically collected on a monthly or quarterly basis and should be attributable,
i.e., securely associated with a particular account holder with a utility. In this case, the group
signature technique can be employed, where the utility is the group manager while each smart
meter acts as a group member. Each meter can sign its metering data so that a verifier can only
check whether the data originated from the group. Only the utility can identify which meter (i.e.,
which consumer) a signed metering record is from. On the other hand, for the control of the power
generation and distribution network, it is not necessary for metering data to be attributable.
Instead, data can remain anonymous as long as it can be authenticated and securely associated
with a particular entity, e.g., a substation.
In this case, the ring signature technique can be used: each meter uses its private
key and the public keys of the other meters of the same substation to sign the metering data and
then transmits the signed message to the utility. Anyone, including the utility, knows only that the
message was signed by a meter associated with the substation, and does not need to know the
identity of the signer. Moreover, in all cases, the communication from each smart meter to the
utility can be strengthened with the network coding technique in order to ensure privacy
preservation against traffic analysis.
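To make the ring signature mechanism concrete for both the definition above (Complete identity privacy preservation) and its use by the meters of one substation in this example, here is an added Go program that is not part of the report: a Schnorr-style ring signature over the P-256 curve implemented with only the standard library. The construction (a ring of hash challenges in the style of Abe, Ohkubo and Suzuki) is chosen for illustration and is not the specific scheme the report cites; the three meter key pairs and the sample reading are constructed for the example. Sign takes (m, SKi, PK1, …, PKn) and Verify takes only m, the signature and PK1, …, PKn, matching the interface described in the text, and no verifier, the utility included, can tell which member signed.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var curve, order = elliptic.P256(), elliptic.P256().Params().N

// Point is an affine point on P-256; KeyPair is one ring member's (PKi, SKi).
type Point struct{ X, Y *big.Int }
type KeyPair struct{ SK *big.Int; PK Point }

// RingSig is (e0, s_0, ..., s_{n-1}): the closing challenge plus one scalar per member.
type RingSig struct {
	E0 *big.Int
	S  []*big.Int
}

func randScalar() *big.Int {
	for {
		k, err := rand.Int(rand.Reader, order)
		if err != nil {
			panic(err)
		}
		if k.Sign() != 0 {
			return k
		}
	}
}

// GenKey produces one member's key pair, PK = SK*G.
func GenKey() KeyPair {
	sk := randScalar()
	x, y := curve.ScalarBaseMult(sk.Bytes())
	return KeyPair{SK: sk, PK: Point{x, y}}
}

// challenge hashes the message and a curve point to a scalar modulo the group order.
func challenge(msg []byte, x, y *big.Int) *big.Int {
	h := sha256.New()
	h.Write(msg)
	h.Write(x.FillBytes(make([]byte, 32)))
	h.Write(y.FillBytes(make([]byte, 32)))
	return new(big.Int).Mod(new(big.Int).SetBytes(h.Sum(nil)), order)
}

// step computes s*G + e*P, the point that is hashed into the next challenge.
func step(s, e *big.Int, p Point) (*big.Int, *big.Int) {
	ax, ay := curve.ScalarBaseMult(s.Bytes())
	bx, by := curve.ScalarMult(p.X, p.Y, e.Bytes())
	return curve.Add(ax, ay, bx, by)
}

// Sign: member k, holding sk, signs msg on input (msg, sk, PK_0, ..., PK_{n-1}). Every other
// member's scalar is random and only the signer's own closes the ring, so k is not revealed.
func Sign(msg []byte, ring []Point, k int, sk *big.Int) RingSig {
	n := len(ring)
	e, s := make([]*big.Int, n), make([]*big.Int, n)
	alpha := randScalar()
	ax, ay := curve.ScalarBaseMult(alpha.Bytes())
	e[(k+1)%n] = challenge(msg, ax, ay)
	for j := 1; j < n; j++ { // walk the ring from k+1 round to k-1
		i := (k + j) % n
		s[i] = randScalar()
		x, y := step(s[i], e[i], ring[i])
		e[(i+1)%n] = challenge(msg, x, y)
	}
	s[k] = new(big.Int).Mul(sk, e[k]) // s_k = alpha - sk*e_k (mod q) closes the ring
	s[k].Sub(alpha, s[k]).Mod(s[k], order)
	return RingSig{E0: e[0], S: s}
}

// Verify needs only msg, the signature and the public keys; it learns only that some member signed.
func Verify(msg []byte, ring []Point, sig RingSig) bool {
	if len(ring) == 0 || len(sig.S) != len(ring) {
		return false
	}
	e := sig.E0
	for i, p := range ring {
		x, y := step(sig.S[i], e, p)
		e = challenge(msg, x, y)
	}
	return e.Cmp(sig.E0) == 0
}

func main() {
	meters := []KeyPair{GenKey(), GenKey(), GenKey()} // constructed ring: three meters at one substation
	ring := []Point{meters[0].PK, meters[1].PK, meters[2].PK}
	reading := []byte("constructed sample reading: 12.7 kWh")
	sig := Sign(reading, ring, 1, meters[1].SK) // meter 1 signs
	fmt.Println(Verify(reading, ring, sig), Verify([]byte("tampered"), ring, sig))
}
```

Verification walks the ring from e0 through every public key and succeeds only if it returns to e0; because every position in the ring is treated identically, a verifier cannot distinguish the signer's scalar from the random ones, which is exactly why, as the text notes, anonymity cannot be revoked afterwards.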
Supporting Scalability
In order to complement the scalability provided by PKI, we provide some suggestions for the
security protocol design of different application categories.
The smart grid will have many different communication protocols, each with its own set of
protocol-level security requirements (i.e., entity authentication, data integrity
protection, non-repudiation, privacy preservation, and confidentiality), sender and receiver
resources, and communication technologies (e.g., optical fiber, WiMAX, 3G, ZigBee). Note that
the stronger the security algorithm, the more CPU, bandwidth and storage it consumes.
This is especially true regarding the grid’s ongoing modernization. Here, as examples, we
compare different approaches to provide data confidentiality, and study the design considerations
for wide area protection protocols. RC5, Data Encryption Standard (DES), Triple-DES (i.e.,
3DES) and Advanced Encryption Standard (AES) are all symmetric-key encryption/decryption
algorithms. It is commonly known that AES is more efficient than all other algorithms for the
same security level. In addition, hardware AES acceleration is available in many hardware
platforms in the smart grid. Thus, AES is the preferred solution.
Additionally, the performance of the RC5 and AES algorithms on sensor nodes was investigated. To
this end, the RC5 implementation in the TinySec library for TinyOS 1.x was ported to TinyOS
2.x. For AES, the encryption module implemented in one of the most commonly used radios, the
CC2420, which supports hardware AES acceleration, was used. The maximum packet payload length was
set to 200 bytes. RC5 was used with 12 rounds (with a 64-bit key and 64-bit block size), while a
stand-alone AES module was used with 10 rounds (with a 128-bit key and 128-bit block size).
The execution times of RC5 (encryption and decryption) and of hardware-based AES encryption were
measured on MicaZ and TelosB motes, respectively. Clearly, hardware-based AES encryption is much faster
than the RC5 operation.

Cascaded failures can be prevented by recently developed wide area
protection protocols. For these protocols, system parameters such as current and voltage are
measured by phasor measurement units (PMUs) or WSNs and then transmitted to the control
center or substation. The most important security objective of the wide area protection is
availability. The electrical power system must be available at all times, so the wide area
protection monitoring the power system must also be always available. The data integrity of the
wide area protection is the next most important security objective: it will not be able to make correct
decisions if it is given false data as input. Confidentiality is the least important security objective.
The wide area protection needs to run in real time, and that means the system must have minimal
overhead; implementing confidentiality may be too time-consuming to meet latency
requirements. According to the above analysis, the proposed polynomial-based lightweight
verification scheme should be employed in a wide area protection system to mitigate the effect
of DoS attacks.
Figure 4. Security requirements of smart grid communication networks, public key
infrastructure and the proposed mechanisms.

Shortcomings of Existing PKI for Use in the Smart Grid


Although PKI is a potential solution for securing the smart grid when compared with other
approaches, it has some limitations. The PKI system-level limitations are described as follows.
Availability — In smart grid PKI, authentication of each entity consists of two steps: certificate
verification and signature verification. This procedure is vulnerable to DoS attacks because the
expensive operation of scalar multiplication is involved. An adversary may keep sending fake
certificates and signatures to legitimate entities to prevent others from connecting to them. For
example, when a smart meter authenticates other devices or smart meters, the authentication
process itself can attract attacks from distributed DoS attackers. Accordingly, a mechanism for
preventing DoS attacks is needed to overcome this PKI limitation.
Distributed TAs — In PKI, another challenge is that access (e.g., registration and authentication)
through a central server (i.e., a sole TA) is not ideal, so it will need to be distributed. Moreover,
smart grid entities may belong to different organizations and possibly have conflicting interests.
For example, in 2009, thousands of customers of Pacific Gas and Electric (PG&E) in
California complained that their smart meters overcharged them.
Consequently, some PG&E customers installed redundant meters to verify the integrity of their
bills independently. Obviously, unlike the primary smart meters, the redundant meters
should be authorized by the consumers, not by the supplier. Thus, the management policy
in PKI should be extended from a sole TA to distributed TAs. In the central TA approach,
the keying materials of both primary smart meters and redund ant meters are distributed by the electric
utility. Thus, the electric utility could modify the measurement readings of the redundant meters, which
could not be detected by the consumer and would lead to incorrect billing. However, in the distributed
TAs approach, a primary smart meter registers with the electric utility while a redundant meter
registers with a consumer. Thus, the electric utility has no ability to access the measurement
readings of a redundant smart meter.

Figure 5. Smart meter and redundant meter reading

Scalability — The smart grid is a large system made up of many types of devices with different
computational power, and of different communication protocols with their own sets of security
requirements. One major obstacle to providing secure communication in such a system is ensuring
that the security mechanisms can be implemented in all devices and satisfy the security
requirements. Therefore, PKI should be enhanced to accommodate the different devices and
security needs. PKI also has the following protocol-level limitation.
Privacy Preservation — In order to provide identity privacy protection, an entity needs to
frequently change its one-time anonymous certificate, thus each entity possesses a number of
certificates. Clearly, this solution is not suitable for smart grid because preloading a large pool of
certificates is not feasible for memory-limited entities (e.g., smart meters and sensor nodes).
Furthermore, even though anonymous certificates in PKI can guarantee conditional identity
privacy, PKI cannot support complete identity privacy preservation and privacy preservation
against traffic analysis.

ADVANTAGES

• Availability
• High efficiency and scalability
• Entity authentication and data integrity protection
• Privacy preservation

CHAPTER 4

SYSTEM REQUIREMENT

HARDWARE REQUIREMENT

Processor : Dual Core Processor, 2.6 GHz
RAM : 1 GB
Hard Disk : 160 GB
Compact Disk : 650 MB
Input Device : Standard Keyboard and Mouse
Output Device : Monitor

SOFTWARE REQUIREMENT

NETWORK SIMULATOR 2

Tool : ns-allinone-2.34
Front End : Tool Command Language (Tcl)
Back End : C++
Interface : VMware Workstation
Operating System : Red Hat Linux (Windows XP or 2007)


Ns2

NS2 is an object-oriented, discrete-event-driven network simulator developed at UC Berkeley and
written in C++ and OTcl. NS is primarily useful for simulating local and wide area networks.
Although NS is fairly easy to use once you get to know the simulator, it is quite difficult for a
first-time user, because there are few user-friendly manuals. Even though there is a lot of
documentation written by the developers with in-depth explanations of the simulator, it is
written at the level of a skilled NS user. The purpose of this project is to give a new user
some basic idea of how the simulator works, how to set up simulation networks, where to look for
further information about network components in the simulator code, how to create new network
components, etc., mainly by giving simple examples and brief explanations based on our
experience. Although not all uses of the simulator or possible network simulation setups
are covered in this project, it should help a new user to get started quickly.

Ns-2 is a discrete event simulator targeted at networking research. Ns-2 provides substantial
support for simulation of TCP, routing, and multicast protocols over wired and wireless (local
and satellite) networks. For more information see the Ns Users FAQ. Ns-2 is written in C++ and
an object-oriented version of Tcl called OTcl.

Nam is a Tcl/Tk based animation tool for viewing network simulation traces and real-world
packet traces. It is mainly intended as a companion animator to the ns simulator. It supports
topology layout, packet-level animation, and various data inspection tools. Nam began at LBL and
has evolved substantially over the past few years. The nam development effort was an ongoing
collaboration with the VINT project.

NS is basically an OTcl interpreter with network simulation object libraries. It is very useful to
know how to program in OTcl to use NS. This section shows an example Tcl and OTcl script,
from which one can get the basic idea of programming in OTcl. These examples are from the 5th
VINT/NS Simulation Tutorial/Workshop.

Ns (from network simulator) is the name for a series of discrete event network simulators,
specifically ns-1, ns-2 and ns-3. All of them are discrete-event network simulators, primarily used
in research and teaching. ns-3 is free software, publicly available under the GNU GPLv2 license
for research, development, and use.

The network simulator is a discrete event, packet-level simulator. It covers a very large number
of applications, protocols, network types, network elements and traffic models. Network simulator
is a package of tools that simulates the behavior of networks: creating network topologies, logging
the events that happen under any load, analyzing the events and understanding the network. The main
aim of our first experiment is to learn how to use the network simulator, to get acquainted with the
simulated objects, to understand the operations of network simulation, and to analyze the behavior
of the simulated objects.

Platform to run ns2:

• Unix and Unix-like systems
• Linux (use Fedora or Ubuntu versions)
• FreeBSD
• SunOS/Solaris
• Windows 95/98/NT/2000/XP

Backend Environment of Network Simulator:

Network Simulator is mainly based on two languages: C++ and OTcl. OTcl is the object-oriented
version of the Tool Command Language. The network simulator is a bank of different network and
protocol objects. C++ helps in the following ways:

• It helps to increase the efficiency of simulation.
• It is used to provide the details of the protocols and their operation.
• It is used to reduce packet and event processing time.

OTcl helps in the following ways:

• With the help of OTcl we can describe different network topologies.
• It helps us to specify the protocols and their applications.
• It allows fast development.
• Tcl is compatible with many platforms and is flexible for integration.
• Tcl is very easy to use and is available for free.

Protocol Description

• TCP provides a communication service at an intermediate level between application programs
and the Internet Protocol (IP). The software can issue a single request to TCP and let TCP handle
the IP details. IP works by exchanging pieces of information called packets.

• A packet is a sequence of octets (bytes) and consists of a header followed by a body. The
header describes the packet's source, destination and control information. The body
contains the data IP is transmitting.

• TCP detects these problems, requests retransmission of lost data, rearranges out-of-order
data, and even helps minimize network congestion to reduce the occurrence of the other
problems. Once the TCP receiver has reassembled the sequence of octets originally
transmitted, it passes them to the receiving application. Thus, TCP abstracts the
application's communication from the underlying networking details.

• TCP is optimized for accurate delivery rather than timely delivery, and therefore TCP
sometimes incurs relatively long delays (on the order of seconds) while waiting for
out-of-order messages or retransmissions of lost messages.

• TCP is used extensively by many of the Internet's most popular applications, including the File
Transfer Protocol, Secure Shell, peer-to-peer file sharing, and some streaming
media applications.

DSDV Routing Protocol

Wireless networks can be classified as follows:

1. Infrastructure Networks: This mode bridges a wireless network to a wired Ethernet
network. A wireless access point is required for infrastructure-mode wireless networking;
it serves as the central WLAN communication station to which the mobile clients
attach. The mobile client can move geographically out of range of one base station into the
range of another while it is communicating. When it does so, it connects with the new base
station and starts communicating through it. This results in a handoff.

2. Ad Hoc (Infrastructure-less) Networks: This mode is a method for wireless devices to
communicate directly with each other. Operating in ad hoc mode allows wireless devices
within range of each other to discover and communicate with one another in a peer-to-peer
fashion without involving central access points. This is typically used by two PCs to connect
to one another as well as for wireless mesh networks.

Ad hoc routing presents challenges due to high mobility and the lack of topology
information at each client. There are two categories of ad hoc routing:

1. Pro-active (table-driven) protocols: These algorithms maintain a fresh list of destinations
and their routes at each node, e.g., Destination-Sequenced Distance-Vector (DSDV).
2. Reactive (on-demand) protocols: These protocols find a route only when it is needed, e.g.,
Dynamic Source Routing (DSR), Ad Hoc On-Demand Distance Vector Routing (AODV), and the
Temporally Ordered Routing Algorithm (TORA).
CHAPTER 5

MODULES SPLITUP

• Network formation
• Attacker performance
• Employing PKI to Secure Smart Grid Communication
• Performance evaluation

Network formation

Wireless communication is at the center of the smart grid system, connecting users to their utility
and the distribution networks, and supplying power companies with critically important real-time
data. That capability allows them to make more timely and effective decisions that ultimately
result in more sustainable operations. A smart grid’s communication network can be
conceptualized as generally having three levels, each with distinct technologies. The base level is
a home area network (HAN), interconnecting electric devices such as household appliances
within the customer’s premises. Information acquired by the HAN is aggregated at the smart
meter for the second-level communications via a neighborhood area network (NAN).

Attacker performance

The security threats that can be encountered by the smart grid are diverse. They are either passive
attacks, such as eavesdropping and traffic analysis, or active attacks, such as replay and DoS
attacks. Passive attacks attempt to access the information exchanged within a network, while
active attacks disrupt the normal functionality of a network. Essentially, these attacks give rise
to the most basic security service requirements in the smart grid: availability, efficiency,
scalability, entity authentication, data integrity protection, non-repudiation, privacy preservation,
and confidentiality.
Employing PKI to Secure Smart Grid Communication

Security requirements of entity authentication and non-repudiation can be satisfied by employing
digital signatures. A PKI binds the public keys and the entities’ identities through the use of
digital certificates. The binding is established through a registration process, and after a trust
authority (TA) (consisting of the registration authority, certificate authority and validation
authority) assures the correctness of the binding, the TA issues the certificate to the entity. Since
the public key of each entity is made available to all other entities in the network, entity
authentication can be achieved.

Performance evaluation

To resolve the efficiency problem of one-time anonymous certificates described earlier, we have
proposed achieving conditional identity privacy preservation by using a group signature
technique, where an entity signs an outgoing message and then transmits the message with the
signature to another entity through a group signature algorithm. A ring signature technique can
be used to achieve complete user identity privacy preservation. The network coding scheme, based
on homomorphic encryption of global encoding vectors, can achieve packet flow untraceability and
message content confidentiality.
CHAPTER 6

EXPERIMENT AND RESULTS

CODING

#An Enhanced Public Key Infrastructure to Secure Smart Grid Wireless
#Communication Networks
set val(chan) Channel/WirelessChannel ;# channel type
set val(prop) Propagation/TwoRayGround ;# radio-propagation model
set val(netif) Phy/WirelessPhy ;# network interface type
set val(mac) Mac/802_11 ;# MAC type
set val(ifq) Queue/DropTail/PriQueue ;# interface queue type
set val(ll) LL ;# link layer type
set val(ant) Antenna/OmniAntenna ;# antenna model
set val(ifqlen) 50 ;# max packet in ifq
set val(nn) 35 ;# number of mobilenodes
set val(rp) AODV ;# routing protocol
set val(x) 1332 ;# X dimension of topography
set val(y) 539 ;# Y dimension of topography
set val(stop) 20.0 ;# time of simulation end

#Create a ns simulator
set ns [new Simulator]

#Setup topography object
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)
create-god $val(nn)

#Open the NS trace file
set tracefile [open smartgrid.tr w]
$ns trace-all $tracefile

#Open the NAM trace file
set namfile [open smartgrid.nam w]
$ns namtrace-all $namfile
$ns namtrace-all-wireless $namfile $val(x) $val(y)
set chan [new $val(chan)] ;# create wireless channel

$ns node-config -adhocRouting $val(rp) \
-llType $val(ll) \
-macType $val(mac) \
-ifqType $val(ifq) \
-ifqLen $val(ifqlen) \
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channel $chan \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace ON \
-movementTrace ON

#Create 35 nodes
set n0 [$ns node]
$n0 set X_ 432
$n0 set Y_ 439
$n0 set Z_ 0.0
$ns initial_node_pos $n0 60
set n1 [$ns node]
$n1 set X_ 632
$n1 set Y_ 439
$n1 set Z_ 0.0
$ns initial_node_pos $n1 60
set n2 [$ns node]
$n2 set X_ 832
$n2 set Y_ 439
$n2 set Z_ 0.0
$ns initial_node_pos $n2 60
set n3 [$ns node]
$n3 set X_ 1032
$n3 set Y_ 439
$n3 set Z_ 0.0
$ns initial_node_pos $n3 60
set n4 [$ns node]
$n4 set X_ 1232
$n4 set Y_ 439
$n4 set Z_ 0.0
$ns initial_node_pos $n4 60
set n5 [$ns node]
$n5 set X_ 432
$n5 set Y_ 239
$n5 set Z_ 0.0
$ns initial_node_pos $n5 60
set n6 [$ns node]
$n6 set X_ 632
$n6 set Y_ 239
$n6 set Z_ 0.0
$ns initial_node_pos $n6 60
set n7 [$ns node]
$n7 set X_ 832
$n7 set Y_ 239
$n7 set Z_ 0.0
$ns initial_node_pos $n7 60
set n8 [$ns node]
$n8 set X_ 1032
$n8 set Y_ 239
$n8 set Z_ 0.0
$ns initial_node_pos $n8 60
set n9 [$ns node]
$n9 set X_ 1232
$n9 set Y_ 239
$n9 set Z_ 0.0
$ns initial_node_pos $n9 60
set n10 [$ns node]
$n10 set X_ 432
$n10 set Y_ 39
$n10 set Z_ 0.0
$ns initial_node_pos $n10 60
set n11 [$ns node]
$n11 set X_ 632
$n11 set Y_ 39
$n11 set Z_ 0.0
$ns initial_node_pos $n11 60
set n12 [$ns node]
$n12 set X_ 832
$n12 set Y_ 39
$n12 set Z_ 0.0
$ns initial_node_pos $n12 60
set n13 [$ns node]
$n13 set X_ 1032
$n13 set Y_ 39
$n13 set Z_ 0.0
$ns initial_node_pos $n13 60
set n14 [$ns node]
$n14 set X_ 1232
$n14 set Y_ 39
$n14 set Z_ 0.0
$ns initial_node_pos $n14 60
set n15 [$ns node]
$n15 set X_ 432
$n15 set Y_ -161
$n15 set Z_ 0.0
$ns initial_node_pos $n15 60
set n16 [$ns node]
$n16 set X_ 632
$n16 set Y_ -161
$n16 set Z_ 0.0
$ns initial_node_pos $n16 60
set n17 [$ns node]
$n17 set X_ 832
$n17 set Y_ -161
$n17 set Z_ 0.0
$ns initial_node_pos $n17 60
set n18 [$ns node]
$n18 set X_ 1032
$n18 set Y_ -161
$n18 set Z_ 0.0
$ns initial_node_pos $n18 60
set n19 [$ns node]
$n19 set X_ 1232
$n19 set Y_ -161
$n19 set Z_ 0.0
$ns initial_node_pos $n19 60
set n20 [$ns node]
$n20 set X_ 432
$n20 set Y_ -361
$n20 set Z_ 0.0
$ns initial_node_pos $n20 60
set n21 [$ns node]
$n21 set X_ 632
$n21 set Y_ -361
$n21 set Z_ 0.0
$ns initial_node_pos $n21 60
set n22 [$ns node]
$n22 set X_ 832
$n22 set Y_ -361
$n22 set Z_ 0.0
$ns initial_node_pos $n22 60
set n23 [$ns node]
$n23 set X_ 1032
$n23 set Y_ -361
$n23 set Z_ 0.0
$ns initial_node_pos $n23 60
set n24 [$ns node]
$n24 set X_ 1232
$n24 set Y_ -361
$n24 set Z_ 0.0
$ns initial_node_pos $n24 60
set n25 [$ns node]
$n25 set X_ 432
$n25 set Y_ -561
$n25 set Z_ 0.0
$ns initial_node_pos $n25 60
set n26 [$ns node]
$n26 set X_ 632
$n26 set Y_ -561
$n26 set Z_ 0.0
$ns initial_node_pos $n26 60
set n27 [$ns node]
$n27 set X_ 832
$n27 set Y_ -561
$n27 set Z_ 0.0
$ns initial_node_pos $n27 60
set n28 [$ns node]
$n28 set X_ 1032
$n28 set Y_ -561
$n28 set Z_ 0.0
$ns initial_node_pos $n28 60
set n29 [$ns node]
$n29 set X_ 1232
$n29 set Y_ -561
$n29 set Z_ 0.0
$ns initial_node_pos $n29 60
set n30 [$ns node]
$n30 set X_ 432
$n30 set Y_ -761
$n30 set Z_ 0.0
$ns initial_node_pos $n30 60
set n31 [$ns node]
$n31 set X_ 632
$n31 set Y_ -761
$n31 set Z_ 0.0
$ns initial_node_pos $n31 60
set n32 [$ns node]
$n32 set X_ 832
$n32 set Y_ -761
$n32 set Z_ 0.0
$ns initial_node_pos $n32 60
set n33 [$ns node]
$n33 set X_ 1032
$n33 set Y_ -761
$n33 set Z_ 0.0
$ns initial_node_pos $n33 60
set n34 [$ns node]
$n34 set X_ 1232
$n34 set Y_ -761
$n34 set Z_ 0.0
$ns initial_node_pos $n34 60
#Setup a TCP connection
set tcp1 [new Agent/TCP]
$ns attach-agent $n0 $tcp1
set sink1 [new Agent/TCPSink]
$ns attach-agent $n13 $sink1
$ns connect $tcp1 $sink1
$tcp1 set packetSize_ 1500
#Setup a FTP Application over TCP connection
set ftp1 [new Application/FTP]
$ftp1 attach-agent $tcp1
$ns at 1.0 "$ftp1 start"
$ns at 8.0 "$ftp1 stop"
$ns at 2.0 "$n0 label Source"
$ns at 2.3 "$n13 label Destination"
$ns at 2.5 "$n7 label Attacker"
$ns at 2.7 "$n11 label Attacker"
$ns at 2.8 "$n3 label Attacker"
$ns at 2.0 "$n0 add-mark n0 blue square"
$ns at 2.0 "$n13 add-mark n13 blue square"
$ns at 3.7 "$n7 label-color red"
$ns at 3.9 "$n11 label-color red"
$ns at 4.1 "$n3 label-color red"
$ns at 2.2 "$n1 add-mark n1 violet circle"
$ns at 2.4 "$n2 add-mark n2 violet circle"
$ns at 2.2 "$n3 add-mark n3 yellow circle"
$ns at 2.6 "$n4 add-mark n4 violet circle"
$ns at 2.5 "$n5 add-mark n5 violet circle"
$ns at 2.3 "$n6 add-mark n6 violet circle"
$ns at 2.1 "$n7 add-mark n7 yellow circle"
$ns at 2.0 "$n8 add-mark n8 violet circle"
$ns at 2.5 "$n9 add-mark n9 violet circle"
$ns at 2.4 "$n10 add-mark n10 violet circle"
$ns at 2.2 "$n11 add-mark n11 yellow circle"
$ns at 2.6 "$n12 add-mark n12 violet circle"
$ns at 2.5 "$n15 add-mark n15 violet circle"
$ns at 2.3 "$n14 add-mark n14 violet circle"
$ns at 2.0 "$n16 add-mark n16 violet circle"
$ns at 2.0 "$n17 add-mark n17 violet circle"
$ns at 2.2 "$n18 add-mark n18 violet circle"
$ns at 2.4 "$n19 add-mark n19 violet circle"
$ns at 2.2 "$n20 add-mark n20 violet circle"
$ns at 2.6 "$n21 add-mark n21 violet circle"
$ns at 2.5 "$n22 add-mark n22 violet circle"
$ns at 2.3 "$n23 add-mark n23 violet circle"
$ns at 2.0 "$n24 add-mark n24 violet circle"
$ns at 2.0 "$n25 add-mark n25 violet circle"
$ns at 2.2 "$n26 add-mark n26 violet circle"
$ns at 2.4 "$n27 add-mark n27 violet circle"
$ns at 2.2 "$n28 add-mark n28 violet circle"
$ns at 2.6 "$n29 add-mark n29 violet circle"
$ns at 2.5 "$n30 add-mark n30 violet circle"
$ns at 2.3 "$n31 add-mark n31 violet circle"
$ns at 2.6 "$n32 add-mark n32 violet circle"
$ns at 2.5 "$n33 add-mark n33 violet circle"
$ns at 2.3 "$n34 add-mark n34 violet circle"
$ns at 5.2 "puts \"List of the following attack detected......\""
$ns at 5.4 "puts \"++++++++++++++++++++++++++++++++++\""
$ns at 5.4 "puts \" Neighbor Area Network \""
$ns at 5.4 "puts \" Building Area Network \""
$ns at 5.4 "puts \" Home Area Network \""
$ns at 5.4 "puts \"++++++++++++++++++++++++++++++++++\""
$ns at 5.4 "puts \" ->Non Gateway Spoofing \""
$ns at 5.4 "puts \" ->Man-in-the Middle \""
$ns at 5.4 "puts \" ->Replaying \""
$ns at 5.4 "puts \" ->Modification \""
$ns at 5.4 "puts \" ->DOS \""
$ns at 5.4 "puts \" ->Eavesdropping \""
$ns at 5.4 "puts \"++++++++++++++++++++++++++++++++++\""
$ns at 2.5 "$ns trace-annotate \"Detecting attacks in gridnetwork......\""
#Define a 'finish' procedure
proc finish {} {
global ns tracefile namfile
$ns flush-trace
close $tracefile
close $namfile
exec nam smartgrid.nam &
exit 0
}
for {set i 0} {$i < $val(nn) } { incr i } {
$ns at $val(stop) "\$n$i reset"
}
$ns at $val(stop) "$ns nam-end-wireless $val(stop)"
$ns at $val(stop) "finish"
$ns at $val(stop) "puts \"done\" ; $ns halt"
$ns run
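The script above writes the packet trace to smartgrid.tr (`$ns trace-all`), and the delivery ratio, end-to-end delay and per-node drop counts that an experiment like this reports are derived from that file. As an added example, not part of the report and not ns-2 code, the following Go program parses the old-style ns-2 wireless trace format (the `trace-all` output when `use-newtrace` is not set) and computes those figures, flagging the nodes that account for most of the drops as a first indicator of a node discarding traffic it should forward. The trace excerpt embedded in it is constructed for the example, not produced by the script; the field layout it assumes is documented in the TraceEvent comment.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// TraceEvent is one packet event from the old-style ns-2 wireless trace that `$ns trace-all` writes:
//   <evt> <time> _<node>_ <layer> <reason> <pktid> <type> <size> [mac] ------- [src:port dst:port ttl hop] ...
// evt is s/r/f/D (sent/received/forwarded/dropped), layer is AGT/RTR/MAC/IFQ and reason is "---" unless dropped.
type TraceEvent struct{ Event byte; Time float64; Node, PktID int; Layer, Reason, Type string }

// ParseTraceLine parses one line; ok is false for M (movement), N (energy) and blank lines.
func ParseTraceLine(line string) (ev TraceEvent, ok bool, err error) {
	f := strings.Fields(line)
	if len(f) == 0 || len(f[0]) != 1 || !strings.Contains("srfD", f[0]) {
		return ev, false, nil
	}
	if len(f) < 8 {
		return ev, false, fmt.Errorf("malformed trace line: %q", line)
	}
	ev = TraceEvent{Event: f[0][0], Layer: f[3], Reason: f[4], Type: f[6]}
	var e1, e2, e3 error
	ev.Time, e1 = strconv.ParseFloat(f[1], 64)
	ev.Node, e2 = strconv.Atoi(strings.Trim(f[2], "_"))
	ev.PktID, e3 = strconv.Atoi(f[5])
	if e1 != nil || e2 != nil || e3 != nil {
		return ev, false, fmt.Errorf("malformed trace line: %q", line)
	}
	return ev, true, nil
}

// Stats summarises end-to-end (AGT-layer) delivery of one packet type and where packets were dropped.
type Stats struct {
	Sent, Received int         // AGT sends, and AGT receives matched to a send by packet id
	AvgDelay       float64     // mean seconds from AGT send to AGT receive
	DropsByNode    map[int]int // drops at any layer and of any packet type, per node
}

func Analyse(trace, pktType string) (Stats, error) {
	st := Stats{DropsByNode: map[int]int{}}
	sentAt, totalDelay := map[int]float64{}, 0.0
	sc := bufio.NewScanner(strings.NewReader(trace))
	for sc.Scan() {
		ev, ok, err := ParseTraceLine(sc.Text())
		if err != nil {
			return st, err
		}
		switch {
		case !ok:
		case ev.Event == 'D':
			st.DropsByNode[ev.Node]++
		case ev.Layer != "AGT" || ev.Type != pktType: // per-hop or routing-protocol event
		case ev.Event == 's':
			st.Sent++
			sentAt[ev.PktID] = ev.Time
		case ev.Event == 'r':
			if t0, seen := sentAt[ev.PktID]; seen {
				st.Received++
				totalDelay += ev.Time - t0
			}
		}
	}
	if st.Received > 0 {
		st.AvgDelay = totalDelay / float64(st.Received)
	}
	return st, sc.Err()
}

// DropHotspots lists (sorted) the nodes responsible for at least `share` of all drops: a first filter for
// nodes that discard traffic they should forward, to be confirmed against their RTR events before acting.
func DropHotspots(drops map[int]int, share float64) []int {
	total, out := 0, []int{}
	for _, n := range drops {
		total += n
	}
	for node, n := range drops {
		if total > 0 && float64(n) >= share*float64(total) {
			out = append(out, node)
		}
	}
	sort.Ints(out)
	return out
}
// sampleTrace is a constructed excerpt in the format above, not output of the script on this page.
const sampleTrace = `M 0.00000 7 (832.00, 239.00, 0.00), (0.00, 0.00), 0.00
s 1.000000000 _0_ AGT  --- 0 tcp 40 [0 0 0 0] ------- [0:0 13:0 32 0] [0 0] 0 0
r 1.040000000 _13_ AGT  --- 0 tcp 60 [13a d c 800] ------- [0:0 13:0 29 13] [0 0] 0 0
s 1.100000000 _0_ AGT  --- 2 tcp 1540 [0 0 0 0] ------- [0:0 13:0 32 0] [1 0] 0 0
D 1.120000000 _7_ RTR  CBK 2 tcp 1560 [13a 7 6 800] ------- [0:0 13:0 30 7] [1 0] 1 0
s 1.200000000 _0_ AGT  --- 3 tcp 1540 [0 0 0 0] ------- [0:0 13:0 32 0] [2 0] 0 0
D 1.215000000 _7_ RTR  CBK 3 tcp 1560 [13a 7 6 800] ------- [0:0 13:0 30 7] [2 0] 1 0
s 1.300000000 _0_ AGT  --- 4 tcp 1540 [0 0 0 0] ------- [0:0 13:0 32 0] [3 0] 0 0
D 1.310000000 _1_ IFQ  IFQ 4 tcp 1560 [13a 1 0 800] ------- [0:0 13:0 31 2] [3 0] 0 0
s 1.400000000 _0_ AGT  --- 5 tcp 1540 [0 0 0 0] ------- [0:0 13:0 32 0] [4 0] 0 0
r 1.460000000 _13_ AGT  --- 5 tcp 1560 [13a d c 800] ------- [0:0 13:0 29 13] [4 0] 0 0`
func main() {
	st, err := Analyse(sampleTrace, "tcp")
	fmt.Printf("%+v hotspots=%v err=%v\n", st, DropHotspots(st.DropsByNode, 0.5), err)
}
```

On the constructed excerpt the tcp flow sends 5 application packets and delivers 2 (a delivery ratio of 0.4 with 50 ms mean delay), and node 7 accounts for two of the three drops, so it is the only hotspot at a 50% share. Run against a real smartgrid.tr the same figures, split by time window, are what the labelled attacker nodes in the script should visibly change.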

SCREENSHOT
CHAPTER 7

CONCLUSION AND FUTURE WORK

In this article, we have addressed security and privacy issues in smart grid wireless communication
networks. Several security mechanisms have been proposed to complement the PKI security
services for availability, privacy preservation and scalability. Moreover, we proposed a mechanism
to efficiently resist DoS attacks from both outside adversaries and legitimate insiders. We believe
that it can be used as a reference for research on smart grid security and privacy. For example,
when designing a security protocol for a specific application, the designers could check whether
the security requirements identified in this article have been satisfied. Deploying PKI requires
manpower from the electric utility to maintain the PKI servers, handle entity software issues
and manage the network infrastructure. Thus, a considerable number of staff will be required to
maintain the PKI environment with a large number (e.g., several millions) of network entities.
Future research should consider how to simplify the PKI environment so that fewer staff are
required to manage it. On the other hand, as the smart grid develops, more third-party service
providers will be involved, which will introduce new security and privacy risks into the system.
Future research should also focus on how to complement the enhanced PKI system to prevent
these risks.
