Cyber-Physical Security and Privacy in the Electric Smart Grid

Advances in smart grids and in communication networks allow the development of an interconnected system where information arising from different sources helps building a more reliable electrical network. Nevertheless, this interconnected system also brings new security threats. In the past, communication networks for electrical systems were restrained to closed and secure areas, which guaranteed network physical security. Due to the integration with smart meters, clouds, and other information sources, physical security to network access is no longer available, which may compromise the electrical system. Besides smart grids bring a huge growth in data volume, which must be managed. In order to achieve a successful smart grid deployment, robust network communication to provide automation among devices is necessary. Therefore, outages caused by passive or active attacks become a real threat. This chapter describes the main architecture flaws that make the system vulnerable to attacks for creating energy disruptions, stealing energy, and breaking privacy.

Download Full-text

Theft Preventive Measures for Interconnected Personal Computer Devices as Proactive Physical Security of Data

Research Anthology on Securing Mobile Technologies and Applications ◽

10.4018/978-1-7998-8545-0.ch018 ◽

2021 ◽

pp. 337-352

Author(s):

Ekaterina Pshehotskaya ◽

Oleg Mikhalsky

Keyword(s):

User Behavior ◽

Personal Data ◽

Data Access ◽

Security And Privacy ◽

Portable Devices ◽

Physical Security ◽

Security Risks ◽

Portable Computer ◽

Relative Risks ◽

And Control

This article is concerned with the arising problems and implications of physical security and privacy of personal and control data on portable computer devices, especially smartphones. The authors consider various classifications of portable computer devices, isolate smartphones as a most common device, and study types of user behavior regarding the involved security risks of unauthorized access to the data stored both locally and remotely with accent of physical data access via device theft. Based on provided categorization the researchers discuss the factors and criteria suitable to generalize user patterns and evaluate the corresponding vulnerability level against specified statistics. The considered statistical criteria can be formulated as a mathematical model of relative risks and implemented as a service or an application to be used for improving user awareness on current threats to his personal data and respective interconnected personal portable devices.

Download Full-text

Anonymous Authentication for Smart Grid Communications

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.145.364 ◽

2011 ◽

Vol 145 ◽

pp. 364-368 ◽

Cited By ~ 2

Author(s):

Tung Hung Chueh ◽

Huei Ru Tseng

Keyword(s):

Smart Grid ◽

Distribution Networks ◽

Research Literature ◽

Security Requirements ◽

Security And Privacy ◽

User Privacy ◽

Smart Meters ◽

Anonymous Authentication ◽

Smart Grid Communications ◽

Smart Grid Communication

The smart grid is a network of computers and power infrastructures that monitor and manage energy usage and uses intelligent transmission and distribution networks to deliver electricity for improving the electric system’s reliability and efficiency. With grid controls, energy transmission management could be enhanced and resilience to control-system failures would be increased. Processing chips and storage units have been embedded into traditional electricity meters, so that they are capable of performing smart functions, called smart meters. Then, smart meters communicate with electrical appliances at home as well as the generation and management facilities at the power companies. Although deploying the smart grid has numerous social and technical benefits, several security and privacy concerns arise. Attackers might compromise smart meters, eavesdrop the communication, or hack into the power company’s database, to access power consumption data of the victim, from which they learn about the victim’s daily activities. Recently, various security and privacy vulnerabilities and threats have been studied in the research literature, however, most of the problems remain yet to be addressed. Therefore, it is crucial to design secure smart grid communication protocols that could prevent all possible security vulnerabilities. In this paper, we propose an anonymous authentication protocol for securing communication among various smart meters of the smart grid. The proposed protocol can achieve key agreement between smart meters and fully protect user privacy with low computation overhead. In addition, the analysis shows that the proposed protocol can satisfy the desirable security requirements and resist several notorious attacks.

Download Full-text

Security and Privacy in the Smart Grid

Handbook on Securing Cyber-Physical Critical Infrastructure ◽

10.1016/b978-0-12-415815-3.00025-x ◽

2012 ◽

pp. 637-654 ◽

Cited By ~ 8

Author(s):

Alvaro A. Cárdenas ◽

Reihaneh Safavi-Naini

Keyword(s):

Smart Grid ◽

Security And Privacy

Download Full-text

Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees

Sensors ◽

10.3390/s20164404 ◽

2020 ◽

Vol 20 (16) ◽

pp. 4404 ◽

Cited By ~ 1

Author(s):

Erkuden Rios ◽

Angel Rego ◽

Eider Iturbe ◽

Marivi Higuero ◽

Xabier Larrucea

Keyword(s):

Risk Assessment ◽

Smart Grid ◽

Smart Grids ◽

Investment Decision ◽

Holistic Approach ◽

Security And Privacy ◽

Sensitivity Analyses ◽

Building Energy Efficiency ◽

Risk Minimization ◽

Grid Systems

Although the risk assessment discipline has been studied from long ago as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and computation of the proposed risk attributes that enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation.

Download Full-text