10 likes | 185 Views
EXPLOITING SECURITY VULNERABILITIES IN A SMART GRID HOME AREA NETWORK USING HARDWARE SIMULATION Tyler Flack, Samujjwal Bhandari, and Susan Urban TEXAS TECH UNIVERSITY 2012 RESEARCH EXPERIENCE FOR UNDERGRADUATES SITE PROJECT. Attack scenarios
E N D
EXPLOITING SECURITY VULNERABILITIES IN A SMART GRID HOME AREA NETWORK USING HARDWARE SIMULATIONTyler Flack, Samujjwal Bhandari, and Susan UrbanTEXAS TECH UNIVERSITY 2012 RESEARCH EXPERIENCE FOR UNDERGRADUATES SITE PROJECT • Attack scenarios • The research focused on two different attack scenarios: • Flood Attack: An attack scenario in which association request packets are continuously injected into the coordinator tying up communications with actual devices. • “Back-off” time attack: An attack scenario which takes advantage of specific hardware specs to lock up communications. The “back-off” time is the time between when a coordinator receives an association request and when it will accept another association request. • The flood attack was implemented using a pre-defined tool in KillerBee called “zbassocflood”. • For the “back-off” time attack modifications were made to “zbassocflood” which account for the specific “back-off” time for our simulation. • Motivation • The Smart Grid is a redesign of the current power grid which will provide the following benefits: • Increased ability for consumers to monitor consumption. • Increased ability to use alternative energy sources. • Provide a grid with “self-healing” capabilities. • Through the use of more networked communication equipment, security for these smart grid systems is a major concern. • Due to the efficiency and simplicity of design, ZigBee is the desirable choice for Home Area Network (HAN) systems within the smart grid. • Due to the same factors that make ZigBee a good choice for HAN communication the security vulnerabilities are a very real problem and should be researched for improvement. Figure 3: Successful attempt at a “back-off” time attack • Home Area Network (HAN) • Consists of a single “smart” meter which acts as both the control point of the HAN as well as the point of communication between the utility company and consumer. • “Smart” appliances such as thermostats, dishwashers, washer/dryers, etc. would be able to operate based on price and consumption records provided by the utility company via the smart meter. • Future Work • Different forms of data manipulation attacks should be possible using the current hardware simulation. These attacks include: • Price manipulation • Consumption manipulation • Message interception/manipulation • In addition to data manipulation, “fake” device joining is a possible attack scenario using the current hardware simulation. Figure 2: Creation of a ZigBee network using RapidSE software Figure 1: Diagram of a typical HAN [1] References: Diagram of smart grid HAN www.sustainable-sphere.com MMB Research (2012, May 28). RapidSE development kit startup guide retrieved via e-mail June 2012. Information about HAN http://www.smartgridnews.com/artman/publish/Business_Consumer_Engagement/Home-energy-management-Make-it-relevant-4595-page2.html Bhandari, Samujjwal; Salisbury, Corbyn; Wilson, Ryan; Urban, Susan (2011, August 6) Exploiting the Security of a Smart Grid Home Area Network Through Simulation Bhandari, Samujjwal; Garza, Gabriel; Urban, Susan (2012, August 2) • Hardware Simulation Overview • Using MMB research’s RapidSEZigBee smart energy development kit a hardware simulation of a smart grid HAN has been set up. • A single development board is used to coordinate the ZigBee smart energy network. • Two development boards are used to model “smart” appliances such as a “smart” thermometer or in-home display. • Two AVR Raven USB ZigBee sticks are used, one for sniffing packets and one for injecting packets. • Attacks are implemented using Joshua Wright’s KillerBee attack framework • Objectives • The long term goal of this research is to support further research in event stream processing (ESP) to detect exploitations of security vulnerabilities in a Smart Grid HAN. • Extend an existing hardware simulation of a HAN. [4] • Experiment with several network intrusion attacks specifically: • Flood attack • “Back-off” time attack • Generate data to validate a companion software simulation [5] *This research is supported by NSF Grant No. CNS 1005212. Opinions, findings, conclusions, or recommendations expressed in this paper are those of the author(s) and do not necessarily reflect the views of NSF.