Emerging threats and counter measures
RELIABLE AND SECURE SCADA FRAMEWORK FOR RESIDENTIAL
MICROGRID COMMUNICATIONS
GOUTHAM KRISHNA CHALAMASETTY
Master’s Program in Electrical Engineering
APPROVED:
Paras Mandal, Ph.D., Chair
Tzu-Liang (Bill) Tseng, Ph.D., Co-Chair
Virgilio Gonzalez, Ph.D.
Charles Ambler, Ph.D.
Dean of the Graduate School
Copyright ©
by
Goutham Krishna Chalamasetty
2016
RELIABLE AND SECURE SCADA FRAMEWORK FOR RESIDENTIAL
MICROGRID COMMUNICATIONS
by
GOUTHAM KRISHNA CHALAMASETTY, Bachelor of Technology in Electronics and
Communication Engineering
THESIS
Presented to the Faculty of the Graduate School of
The University of Texas at El Paso
in Partial Fulfillment
of the Requirements
for the Degree of
MASTER OF SCIENCE
Department of Electrical and Computer Engineering
THE UNIVERSITY OF TEXAS AT EL PASO
May 2016
Published by ProQuest LLC (2016). Copyright of the Dissertation is held by the Author.
ProQuest Number: 10118204
Acknowledgements
Firstly, I would like to express my sincere gratitude to my primary thesis advisor and
Chair, Dr. Paras Mandal, who constantly provided me with excellent and constructive guidance
that motivated me to complete my thesis successfully. I am very grateful to my thesis
Co-Chair, Dr. Bill Tseng, for his continuous encouragement and support, which allowed me to
concentrate more on my studies and research. I would like to express my sincere appreciation to
Drs. Mandal and Tseng for encouraging me to communicate my research findings in a journal,
at an IEEE conference, and at symposiums. I am also thankful to Dr. Virgilio Gonzalez for being my
thesis committee member and providing me with valuable suggestions to improve the quality of
the thesis. I would like to express my sincere gratitude to the U.S. Department of Education – DHSIP
Program (Award #P031S120131) and the Interdisciplinary Research Seed (IRS) Fund (2014-2015),
College of Engineering, UTEP, for providing partial support to carry out my thesis.
I am very thankful to my parents for their unconditional love and support, for
providing me with a quality education since my childhood, and for encouraging me to pursue a
Master's degree at The University of Texas at El Paso (UTEP). Furthermore, I also want to thank
all my friends who supported me during my thesis period. The members of the Power and
Renewable Energy System (PRES) lab, where I carried out my thesis, also deserve kind
appreciation for providing valuable research discussions.
Abstract
Cyber security is one of the major needs of the electric power industry, as it is for many other
industries and organizations. Advancements in technology provide numerous benefits to the
power industry, but they also help cyber attackers perform different cyber-attacks on the
industry. The power system is a complex physical entity that deals with power generation,
distribution, and transmission. In general, no individual, company, or organization can bear
a one-hour power cut, which shows the need for reliability in the electric power industry.
In order to develop a reliable and secure Supervisory Control and Data Acquisition
(SCADA) communication network, this thesis proposes a SCADA system with a
Mobile Ad hoc Network (MANET) for residential microgrid communications. The proposed
network's objective is to collect power consumption data from smart meters in houses and
Electric Vehicles (EV). The proposed network also helps to connect mobile operators into the
system, which is helpful in emergency situations such as power blackouts. In addition, by
studying the various possible cyber-attacks on MANET, this thesis applies two
Intrusion Detection and Prevention (IDP) technologies, (i) the Monitoring, Detection, and
Rehabilitation (MDR) approach and (ii) the Secure Knowledge algorithm with Anomaly detection
(SKA), to the proposed SCADA network to secure it against various Denial of Service
(DoS) attacks. Network Simulator version 2 (NS-2), which is widely known for MANET
simulations, is used to test the effectiveness of both IDP technologies (MDR and SKA).
The MDR approach is applied when an attacker introduces malicious nodes into the proposed SCADA
communication network. Test results presented in Chapter 4 show the effectiveness of the MDR
approach in defending against malicious nodes, which lead to DoS attacks. The IDP technology
proposed in this thesis is SKA, which is applied to the SCADA network when it is subjected to DoS
attacks such as blackhole attacks and anomaly attacks. Test results presented in Chapter 5
demonstrate the efficiency of the SKA technology in defending against DoS attacks.
Table of Contents
Acknowledgements
Abstract
Table of Contents
List of Tables
List of Figures
Chapter 1: Introduction
    1.1 Background and Research Motivation
    1.2 Problem Statement and Rationale for the Study
    1.3 Thesis Objective
    1.4 Scope and Limitations
    1.5 Thesis Organization
Chapter 2: Literature Review
    2.1 Present Status of SCADA System
        2.1.1 Components of SCADA System
        2.1.2 Architecture of Current SCADA System
    2.2 Vulnerabilities in Current SCADA System
    2.3 Physical and Cyber-Attacks on the SCADA System
        2.3.1 Physical Attacks
        2.3.2 Cyber Attacks
    2.4 Benefits from Integrating ACT into SCADA System
        2.4.1 Wireless Sensor Networks
        2.4.2 Ad hoc Networks
        2.4.3 Internet
        2.4.4 SCADA Architecture with ACT for Power System Operation
    2.5 IDP technologies to Prevent Cyber-Attacks
        2.5.1 Methods of Intrusion Detection in IDP Technologies
        2.5.2 Types of IDP Technologies
    2.6 Summary
Chapter 3: Proposed SCADA Communication Network using MANET
    3.1 Introduction of MANET
        3.1.1 Advantages of MANET
        3.1.2 Challenges of MANET
    3.2 Various Cyber-Attacks on MANET
    3.3 Routing Protocols Used in MANET
        3.3.1 Table Driven Routing Protocols
        3.3.2 Source Initiated on Demand Driven Routing Protocols
    3.4 Proposed SCADA Network for Residential Microgrid Communication
        3.4.1 Objective of the Proposed SCADA Communication Network
    3.5 Summary
Chapter 4: MDR Approach Based IDP Technology
    4.1 MDR Approach
        4.1.1 Monitoring Stage
        4.1.2 Detection Stage
        4.1.3 Rehabilitation Stage
    4.2 Applying MDR approach to the Proposed SCADA Network
    4.3 Developing the Network Using NS-2 Simulator
    4.4 Results of Scenario 1: By Varying Total Number of Nodes
    4.5 Results of Scenario 2: By Varying Data Rate
    4.6 Summary
Chapter 5: Proposed IDP Technology Based on Secure Knowledge Algorithm
    5.1 Proposed SKA Technology
    5.2 Developing the Proposed SCADA Communication Network using NS-2
    5.3 Data Flow Under SKA
    5.4 Results and Discussion
    5.5 Summary
Chapter 6: Conclusions and Recommendations for Future Work
    6.1 Summary and Conclusion
    6.2 Recommendations for Future Work
References
Appendix I
Appendix II
Appendix III
Appendix IV
Appendix V
Vita
List of Tables
Table 4.1: Network simulation parameters for MDR approach.
Table 5.1: Network simulation parameters for proposed IDP technology.
Table AV.1: Technical specifications of PC.
List of Figures
Figure 1.1: Architecture of MMEMS.
Figure 1.2: Graphs generated from smart meter data [8].
Figure 1.3: Organization of thesis.
Figure 2.1: Architecture of Current SCADA System.
Figure 2.2: Architecture of SCADA with ACT.
Figure 3.1: SCADA communication network with MANET.
Figure 4.1: Network under attack case.
Figure 4.2: Network under intrusion detection case.
Figure 4.3: PDR for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
Figure 4.4: Throughput for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
Figure 4.5: Delay for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
Figure 4.6: PDR for attacks case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 4.7: Throughput for attacks case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 4.8: Delay for attacks case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 5.1: Flowchart of the proposed IDP technology.
Figure 5.2: Route discovery using AODV.
Figure 5.3: Detection of blackhole attacked node.
Figure 5.4: Optimal route for sending data to destination.
Figure 5.5: Identification of misbehaving node.
Figure 5.6: Optimal route with trusted communication nodes.
Figure 5.7: PDR with the application of SKA.
Figure 5.8: Network throughput with the application SKA.
Figure 5.9: Delay with the application of SKA.
Chapter 1: Introduction
1.1 BACKGROUND AND RESEARCH MOTIVATION
The power system is one of the most complex physical entities, dealing with tasks
such as electricity generation, transmission, and distribution. It
operates a huge infrastructure that requires proper maintenance, control, and security to achieve
these tasks successfully. One of the major issues of the electric power industry is
matching electricity supply with demand. World electricity demand increased at an average of
3.1% per year from 1990 to 2011, and it is estimated that electricity demand will increase
by more than two thirds from 2011 to 2035 [1]. Considering the growing demand for
electricity, the electric power industry focuses on Distributed Generation (DG) such as hydro,
thermal, nuclear, Energy Storage Systems (ESS), and renewable energy sources.
Advancements in technology have transformed the traditional power grid into the smart grid, which enables
effective integration of DG. Furthermore, the integration of renewable energy sources reduces
Greenhouse Gas (GHG) emissions, which leads to a low-carbon economy [2], [3]. The smart grid enables
two-way flow of electricity and communication, which helps to bring automation and to create
an advanced distributed energy delivery network [4].
The entire operation of this complex power system is monitored and controlled by the
Supervisory Control and Data Acquisition (SCADA) system. A SCADA system is the combination
of telemetry and data acquisition [5]; it monitors all the remote substations of
the power system by collecting and analyzing the data received from them. The SCADA master
sends control commands to the substations based on the analyzed data. The SCADA system is
essential for monitoring and controlling the operations of the power system. The integration of DG
increases the complexity of the power system, which makes the role of the SCADA system more crucial
and challenging. To understand the role of SCADA in operating a power system, consider the
Multi Microgrid Energy Management System (MMEMS), which is controlled and operated by
the SCADA system as shown in Figure 1.1.
In general, MMEMS comprises various DG such as Photovoltaic (PV), wind, ESS,
Electric Vehicles (EV), loads, and smart appliances (see Figure 1.1). In MMEMS, the Micro Grid
Control Center (MGCC) contains a sub SCADA master that collects data from the substations
of the residential, industrial, and commercial microgrids. The MGCC sends the collected data to the MMEMS
control server, where the data is analyzed. The MMEMS control server contains the SCADA master,
which sends control commands to the substations of the residential, industrial, and commercial
microgrids. This process of collecting data and sending control commands to substations is
carried out over the communication and control network. The technology advancements
made to the smart grid for the integration of DG have brought new challenges to the SCADA system.
Figure 1.1: Architecture of MMEMS.
1.2 PROBLEM STATEMENT AND RATIONALE FOR THE STUDY
Vulnerabilities in the existing SCADA system, such as communication infrastructure, poor
authentication, unencrypted data transmission, network design vulnerabilities, network
configuration vulnerabilities, and lack of proper firewalls, lead to physical and cyber-attacks on
the power system. Operating a power system with multiple functional devices, such as DG,
is a difficult task for the current SCADA system. Effective management of a complex power
system such as MMEMS (see Figure 1.1), with its various operational devices, is possible with a
reliable and secure SCADA communication and control network [6].
Furthermore, the growing competition in the electric power industry benefits customers,
who get better quality of power at cheaper prices. Competition is likely to increase
mainly at the power distribution edge, where the smart grid is connected with customers through
smart meters [7]. Smart meters receive the data of power consumed by the customers and help
the utility balance supply and load. Figure 1.2 shows how the data obtained from smart meters
is used to gain a good understanding of the load demand. Figure 1.2a shows the demand
based on half-hourly data received from smart meters, and shows that the demand is high from
9:00 to 18:00. Figure 1.2b shows the demand based on one-minute data from smart meters,
which provides more detailed information about household appliances by using appliance-level plug
monitors. From Figure 1.2, it is seen that smart meters are able to provide power consumption
information to customers effectively. Smart meters are also designed to measure voltage
in order to improve voltage and power quality. Smart meters also help operators to determine any power
outages in a specific location. Smart meters help in generating customers' electricity bills
based on time-varying demand and time-varying electricity prices. Furthermore, the
information obtained from smart meters is sensitive, as it contains customers' personal
information, such as the times they stay at home, the times they go out, and the times they use
specific appliances. Every customer wants privacy for their personal information, as privacy is a
fundamental right of the individual [8]. It is very important to keep the information collected
from smart meters confidential. Moreover, the growing competition in the electric power industry
may encourage cyber attackers to perform cyber-attacks such as data modification, eavesdropping,
and phishing attacks on the smart meter communication networks that collect customers' power
consumption data, replacing that data with false data to cause losses to the utility.
Figure 1.2: Graphs generated from smart meter data [8].
Hence, there is a need for a reliable and secure SCADA communication and control
network that is able to control the complex power system effectively and to enhance the
cooperation between the various operational devices in the system. In addition, considering the
growing competition at the power distribution edge, smart meter data must be secured because
it contains sensitive information that could benefit competitors.
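The data-modification risk described in this section can be made concrete with a short added example (it is not part of the thesis and is not its MDR or SKA technique): a collector that accepts a smart meter reading only if its HMAC-SHA256 tag verifies and its counter is fresh. The meter IDs, keys, frame layout, and function names are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
import struct

# Constructed per-meter keys (assumption: each meter shares a secret with the
# collector; real deployments would provision and store these securely).
METER_KEYS = {
    "meter-017": b"constructed-demo-key-017",
    "meter-042": b"constructed-demo-key-042",
}


def _tag(key, meter_id, counter, payload):
    """HMAC-SHA256 over length-prefixed meter id, 64-bit counter, and payload."""
    mid = meter_id.encode()
    msg = struct.pack(">H", len(mid)) + mid + struct.pack(">Q", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal_reading(meter_id, counter, kwh, interval_start):
    """Meter side: serialize one interval reading and attach its tag."""
    payload = json.dumps({"kwh": kwh, "start": interval_start},
                         sort_keys=True).encode()
    return {
        "meter": meter_id,
        "ctr": counter,
        "payload": payload,
        "tag": _tag(METER_KEYS[meter_id], meter_id, counter, payload),
    }


class Collector:
    """Collector side: verify the tag first, then enforce a rising counter."""

    def __init__(self, keys):
        self._keys = keys
        self._last_ctr = {}  # highest counter accepted so far, per meter

    def accept(self, frame):
        key = self._keys.get(frame["meter"])
        if key is None:
            return "reject: unknown meter"
        expected = _tag(key, frame["meter"], frame["ctr"], frame["payload"])
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, frame["tag"]):
            return "reject: bad tag"
        if frame["ctr"] <= self._last_ctr.get(frame["meter"], -1):
            return "reject: replay"
        self._last_ctr[frame["meter"]] = frame["ctr"]
        return "accept"


def demo():
    """Run constructed frames through the collector and return each verdict."""
    collector = Collector(METER_KEYS)
    genuine = seal_reading("meter-017", 1, 0.42, "2016-05-01T09:00")
    # Constructed tampering: the consumption value is altered in transit.
    modified = dict(genuine, ctr=2,
                    payload=genuine["payload"].replace(b"0.42", b"0.02"))
    # Constructed frame claiming to come from a meter the collector never enrolled.
    unknown = dict(genuine, meter="meter-999")
    following = seal_reading("meter-017", 2, 0.57, "2016-05-01T09:30")
    return [
        collector.accept(genuine),    # valid tag, fresh counter
        collector.accept(modified),   # payload and counter no longer match tag
        collector.accept(genuine),    # same frame sent again
        collector.accept(unknown),    # no key for this meter id
        collector.accept(following),  # next genuine reading
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The tag protects integrity and freshness only; protecting the readings against eavesdropping would additionally require encrypting the payload.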
1.3 THESIS OBJECTIVE
The aim of this thesis is to study various Advanced Communication Technologies (ACT)
that can be integrated into the existing SCADA system to bring more automation, mobility,
accessibility, and security to the SCADA control and communication networks. This involves
building a SCADA communication network that is secure and reliable for collecting power
consumption data in a residential microgrid. The specific objectives of this thesis are given below.
Objective 1: To analyze and assess the various benefits of a SCADA system integrated with
ACT and to propose a communication network for a residential microgrid.
Objective 1 studies the benefits of ACT such as wireless sensor networks, the
internet, and Mobile Ad hoc Network (MANET) when they are used in a SCADA system
for monitoring and controlling power system operations. Objective 1 proposes a
communication network using MANET in a residential microgrid for reliable and secure
smart meter communications.
Objective 2: To apply Intrusion Detection and Prevention (IDP) technologies to protect
the proposed residential microgrid communication network from cyber-attacks.
Objective 2 emphasizes various cyber-attacks on MANET, and applies two
IDP technologies, (i) the Monitoring, Detection, and Rehabilitation (MDR) approach and
(ii) the Secure Knowledge algorithm with Anomaly detection (SKA), to the proposed SCADA
communication network by using Network Simulator version 2 (NS-2). Objective 2
focuses on determining the effectiveness of the MDR and SKA technologies in detecting and
preventing Denial of Service (DoS) attacks.
1.4 SCOPE AND LIMITATIONS
This thesis focuses on developing a SCADA control and communication network using
ACT. The major contribution of this study is to propose a SCADA communication network using
MANET. Because the dynamic nature of MANET makes it easier for cyber attackers to
perform cyber-attacks, two IDP technologies are applied to the proposed SCADA communication
network: (i) the MDR approach and (ii) SKA, which is the proposed IDP technology.
The major scope of this project is to understand the advantages of ACT when they are
integrated with the existing SCADA system. ACT will make the system more reliable, secure, and
automated. A SCADA communication network using MANET is cost effective and easy to
implement. MANET also brings mobility into the system, so that the operator can move out of the
control center without losing control of the system. This study also presents the effectiveness
of two different IDP technologies in detecting and preventing cyber-attacks such as DoS attacks.
The limitations of this thesis are as follows.
• This thesis focuses only on using MANET in the SCADA communication network.
• Due to the complexity of the network, our proposed IDP technology, i.e., SKA, is only
  tested when there are 50 communication nodes in the network.
• Both IDP technologies applied to the proposed network, i.e., the MDR approach and SKA,
  are only effective in defending against DoS attacks. Other
  cyber-attacks such as Sybil attacks, phishing attacks, network travelling worms,
  and spoofing attacks are not considered in this thesis.
• The IDP technologies are tested in this thesis with Ad hoc On Demand Distance
  Vector (AODV) as the routing algorithm. The effectiveness of the IDP
  technologies under other MANET routing algorithms such as Dynamic Source
  Routing (DSR), Destination Sequenced Distance Vector routing (DSDV), and
  Associativity Based Routing (ABR) is not tested.
1.5 THESIS ORGANIZATION
This thesis consists of a total of 6 chapters, and the organization of the thesis is presented in
Figure 1.3. This section presents the structure of this thesis by briefly explaining each chapter.
• Chapter 2 presents the literature review and discusses the architecture and status of the
  existing SCADA system. Chapter 2 also discusses different vulnerabilities in the existing
  SCADA system that lead to physical and cyber-attacks on the system, and
  the benefits of integrating ACT such as wireless sensor networks, the internet, and
  MANET into the SCADA system. Chapter 2 also explains various IDP technologies
  available to prevent cyber-attacks on ACT.
• Chapter 3 presents the advantages and disadvantages of MANET, and discusses the
  various routing protocols that can be used in MANET. This chapter also discusses
  various possible cyber-attacks on MANET such as black hole attacks and wormhole
  attacks. The main contribution of this chapter is to propose a SCADA communication
  network using MANET for collecting power consumption data from smart meters
  in residential houses and EV.
• Chapter 4 presents how the proposed SCADA communication network is developed
  using the NS-2 simulator. This chapter focuses on the application of the MDR approach to the
  proposed network when an attacker introduces malicious nodes into the network. This
  chapter further presents the effectiveness of the MDR approach in defending against DoS attacks
  when the proposed network is simulated in two scenarios: (i) varying the total number of
  nodes and (ii) varying the data rate.
• Chapter 5 proposes a new IDP technology, i.e., SKA. The SCADA network is developed
  using NS-2, and the proposed IDP technology is applied when the network is under DoS
  attacks such as blackhole attacks and anomaly attacks. Results demonstrate the
  effectiveness of the proposed IDP technology, i.e., SKA, in detecting and preventing
  blackhole attacks and anomaly attacks that result in packet dropping.
• Chapter 6 concludes with the major findings and contributions of this thesis. This chapter also
  presents the possibility of future research in integrating ACT and preventing
  cyber-attacks on the SCADA control and communication network.
Figure 1.3: Organization of thesis.
Chapter 2: Literature Review
The objective of this chapter is to study the vulnerabilities in the SCADA system. This
involves determining possible solutions to overcome those vulnerabilities and to enhance
the reliability and security of the system.
2.1 PRESENT STATUS OF SCADA SYSTEM
The SCADA system monitors and controls major utility networks, including power
systems. The responsibilities of the SCADA system include (i) collecting data from remote
substations, (ii) analyzing the information collected from remote substations, and (iii) sending
control commands to the remote substations through the SCADA master with the help of the Human
Machine Interface (HMI). The SCADA system delivers the real-time status of the power system, and
also informs operators about the condition of operational devices and whether
they need maintenance or replacement.
2.1.1 Components of SCADA System
The SCADA system is a combination of several components [9], [10]. The major components of
the SCADA system are described below.
• Sensor networks: Sensors at remote substations collect information such as
  voltage, current, phase angle, and trip coil status.
• Remote Terminal Units (RTU): In general, the RTU is the control center for the
  substation. The RTU comprises a sub SCADA master, which collects data from all the
  sensor networks and controls the substation. The RTU stores all the information
  collected from the sensor networks of the substation.
• Programmable Logic Controllers (PLC): PLC are located in the substation and
  used for automation. The PLC, sensor networks, and RTU are connected to each other
  to determine the real-time status of the substation.
• Master Terminal Unit (MTU): The MTU is the major control center of the whole
  SCADA system. It is connected to all the remote substations through the RTU. It
  collects and analyzes all the data stored in the RTU, and sends control commands
  to all the substations through the SCADA master.
• HMI: It provides a Graphical User Interface (GUI) to the operators at the MTU and
  RTU for easy and efficient operation of the system.
• Control and communication network: This network connects the MTU to all the
  RTU to provide two-way communication among them.
2.1.2 Architecture of Current SCADA System
The importance of providing security for the SCADA system was acknowledged after four
major blackouts across the United States, Canada, and Europe in 2003 [11]. Since 2003,
major improvements have been made to the SCADA system. The current SCADA system architecture
is briefly shown in Figure 2.1.
Figure 2.1: Architecture of Current SCADA System.
The communication and control networks of the current SCADA system consist of a
number of Local Area Networks (LAN) that are connected to the Wide Area Network (WAN)
[12]. In every substation, the RTU, PLC, and sensor network are connected through a LAN, and all the
substations are connected to the control center, i.e., the MTU, through the WAN.
2.2 VULNERABILITIES IN CURRENT SCADA SYSTEM
The numerous efforts made to develop the architecture of the SCADA system have
increased the system's dependence on Information and Communication Technology (ICT) and
brought new vulnerabilities. In April 2013, the attack on a Pacific Gas and Electric (PG&E)
substation raised many questions about the vulnerabilities of physical systems [13]. A Federal
Energy Regulatory Commission (FERC) study says that an attack on 9 substations out of 55,000
transmission substations will take down the entire United States transmission grid [14]. The
vulnerabilities that exist in the current SCADA system are described below [15]-[22].
Unpatched operating systems: These systems bring more risk to companies and
industries such as the electric power industry, as they are more exposed to cyber
threats.
Unencrypted data transmission: As the data transmitted through the SCADA
communication and control network is sensitive, there are cyber threats from
unauthorized people trying to get access to the sensitive data.
Poor authentication: This will lead to sensitive information, such as user login
information, being provided to unauthorized people.
Network design vulnerabilities: Due to the lack of proper segmentation and
firewalls, a cyber-attack will lead to hours of site downtime and loss of data, and
requires a lot of time to reestablish the server.
Network configuration vulnerabilities: Due to the lack of port security, malicious
USB and other external devices connected to the system will damage its sensitive
files.
Poor code quality: This helps cyber-attackers insert malicious commands into the
code.
Network protocols: Some of the network protocols used for data transmission do
not support data encryption.
Some SCADA manufacturing companies are developing SCADA systems that run on
Windows and Linux. The security vulnerabilities in those operating systems are
widely known, and with the help of available advanced hacking tools cyber
attackers can get sensitive information.
SCADA software vulnerabilities will bring a virus into the network, which gives
false information to the system operator through the HMI.
Company websites sometimes provide useful data to cyber attackers by exposing
their organization structure, corporate network system names, employee names,
and employee email addresses.
Absence of real-time monitoring: Operators are overwhelmed by the huge amount of
data they receive from network security sensors.
The communication infrastructure currently used for phasor measurement units is
not authenticated, which leads to compromised data integrity.
2.3 PHYSICAL AND CYBER-ATTACKS ON THE SCADA SYSTEM
The aforementioned vulnerabilities will lead to different types of both physical and
cyber-attacks on the SCADA system, as described below.
2.3.1 Physical Attacks
Following are some physical attacks that are possible on the SCADA system [23].
Tapping high frequency waves with a portable current transformer helps attackers
to extract information from power line carrier communication.
To corrupt the information in optical fibers, attackers use in-band jamming and
out-of-band jamming technologies.
A natural disaster will lead to physical damage of the entire communication
infrastructure, which causes the operator to lose control of the system.
2.3.2 Cyber Attacks
Following are the cyber-attacks that are possible on the SCADA system [15]-[22].
Eavesdropping: By using a sniffing sensor, an attacker can listen to the private
conversation between two communication nodes.
Man-in-the-middle attack: The attacker attacks the communication network while
two nodes are communicating and modifies the data, so that false information is
sent to the destination node.
Data injection: False data is injected into the sensors, which gives the operator
an incorrect status of the system.
Node compromise attack: The attacker compromises the sensor node by getting
access to the computer, which leads to data injection and data modification
attacks.
DoS attacks: The attacker changes the header address of the data packet to send the
information to a different destination, or makes the node drop the packets it
receives, which results in data loss.
Phishing attacks: Attackers obtain sensitive information such as user names and
passwords. In general, these attacks are carried out through email spoofing and
instant messaging that ask users to enter their login credentials.
Domain Name System (DNS) spoofing: When a user enters a domain name in the
browser, these attacks make the user's system direct its data to the attacker's
computer.
Virus infection: Virus infection is possible from data downloads, USB drives,
CD-ROMs, and floppy disks. An attacker may connect any malicious device to the
system's port to inject a virus into the system. This infection may corrupt the
data in the system or help the attacker to remotely operate the infected computer.
Network malware infection: The attacker injects worms into the network. The
difference between a virus and a worm is that a virus can only be transferred when
a file is transferred between two computers, whereas a worm runs independently and
spreads throughout the network, and then acts like a virus.
2.4 BENEFITS FROM INTEGRATING ACT INTO SCADA SYSTEM
The integration of ACT improves system parameters such as reliability, availability,
and security. Integrating ACT such as wireless sensor networks, internet, and MANET
brings several benefits [24]-[26]. This integration helps to bring more automation,
accessibility, and mobility into the system. More detailed benefits due to these ACT are
presented below.
2.4.1 Wireless Sensor Networks
They collect information from the surrounding operational devices and send the collected
information to control center. They do not need any wired equipment such as cables for
communication. Following are the advantages of wireless sensor networks.
Low power consumption
Cost effective implementation
Reliability
2.4.2 Ad hoc Networks
The increase in demand for wireless communications has helped ad hoc networks gain
significant importance. Ad hoc networks are similar to wireless sensor networks, but every node
in the network acts as a router and does not require any hardware or software for communication.
Following are some advantages of ad hoc networks.
Mobility
Scalability
Reliability
Self-healing
Self-configuration
Redundancy
Cost effective implementation
2.4.3 Internet
The Internet helps to get information quickly from various smart devices at remote locations.
Web based SCADA or internet SCADA helps operators to take action on alarms through a
virtual machine. The main advantage of the internet is that it gives the system operator
access to the system wherever the operator is in the world.
2.4.4 SCADA Architecture with ACT for Power System Operation
By considering the advantages of ACT, this thesis recommends integrating ACT into
the SCADA system. Figure 2.2 shows the architecture of the SCADA system with ACT.
Figure 2.2: Architecture of SCADA with ACT.
As can be seen from Figure 2.2, wireless sensor networks collect the data from all the
smart devices in the remote substations and send that information to the RTU, which sends the
information to the SCADA control center through the internet. System operators can connect to
the system using the internet or through an ad hoc network.
2.5 IDP TECHNOLOGIES TO PREVENT CYBER-ATTACKS
Besides the advantages of integrating ACT into the current SCADA system, there are
some disadvantages in the form of cyber threats. Extensive research is going on into developing
IDP technologies to provide cyber security to these ACT, and some of it is reported in
[27]-[31].
2.5.1 Methods of Intrusion Detection in IDP Technologies
Following are the methods of intrusion detection [32].
Signature based detection: This method of intrusion detection helps to detect
previously known threats. It compares the signatures of received data against the
observed events to detect probable incidents. This kind of detection is very
efficient in detecting previously known threats and inefficient in detecting new
threats that have not been handled previously. This detection method has very
little understanding of many network and application protocols, so it is
difficult for it to find threats during complex communications. It also does not
remember previous requests when processing the current request, such as a request
to a web server for a particular page. These limitations prevent signature based
detection from detecting threats while handling multiple events.
Anomaly based detection: This method of detection is very efficient in detecting
previously unknown threats. It maintains many profiles to understand the
normal behavior, such as the average bandwidth, data rate, number of emails sent
by the user, and number of times the user tried to log in for system access. This
detection method generates an alert if anything differs from the previous behavior. For
example, it generates an alert if the data rate rises above normal. The issue
with this detection method is that it generates numerous alerts covering both threats
and non-threats, which makes it difficult and time consuming for analysts to find the
real threat.
2.5.2 Types of IDP Technologies
Following are the types of IDP technologies [32].
Network based: It monitors network traffic and identifies suspicious activity by
analyzing network and application protocol activity. These are mostly installed at
the routers of Virtual Private Networks (VPN) and at remote access servers.
Wireless: It monitors and analyzes the wireless network protocols to identify
suspicious activity. It cannot identify threats in application layer protocols.
These are mostly installed within the range of an organization's or industry's wireless
network.
Network behavioral analysis: It monitors the network traffic and identifies threats
such as Distributed Denial of Service (DDoS) attacks and worms in the network.
These are mostly deployed in an organization's internal network and are also installed at
the point where the internal network is connected to an external network.
Host-Based: It monitors the characteristics and events of a single host to find
suspicious activity. These monitor that host's network traffic, application
activity, system logs, and configuration changes. These are deployed on key
servers such as publicly available servers and servers that hold sensitive information.
2.6 SUMMARY
Chapter 2 provided the detailed literature review on the vulnerabilities that are present in
the current SCADA system. This chapter also presented the benefits of integrating ACT into the
SCADA system. Various IDP technologies and the methods used in ACT for providing cyber
security are also discussed.
Chapter 3: Proposed SCADA Communication Network using MANET
This chapter considers the advantages of the ACT discussed in Chapter 2, and provides a
detailed study on the advantages and challenges of MANET. This chapter also discusses various
possible cyber-attacks on MANET. This chapter proposes a SCADA
communication network using MANET.
3.1 INTRODUCTION OF MANET
An ad hoc network comprises wireless nodes that communicate through a common
wireless channel [33]. They do not need any infrastructure or a central access point to
communicate. Each node in the network acts as a router to transmit data packets from source to
destination. All the communication nodes coordinate and work together to maintain
reliability in the network. These ad hoc networks are referred to as mesh networks, as the
topology of the network is a mesh topology. MANET brings mobile applications into the ad hoc
network, which brings more benefits and challenges into the network. MANET brings flexibility
into the network, as such networks are self-healing, self-configurable, and self-maintainable. A
hybrid MANET is a MANET that is connected to the Internet or any other private network.
The mobility in MANET allows communication nodes that act as routers to move freely, which
leads to unpredictable and rapid changes in network topology [34].
3.1.1 Advantages of MANET
Following are the advantages of using MANET in the communication network.
The deployment of MANET is cost effective, simple, and fast.
Power consumption is lower compared to other wireless networks.
The network is robust, as it continues to operate even when there is a failure in some
communication nodes.
MANET brings redundancy into the network, as it does not rely on any software or
hardware.
Scalability is achieved by MANET, as it makes it easy to add more
communication nodes.
It increases the reliability of the network by establishing continuous
communication.
It is very useful in natural disaster conditions for creating a communication link between
users.
It is useful in military applications, such as communicating with tanks, planes, and
formations of soldiers.
There are also several civil applications of MANET, such as entertainment during
travel, conferences, exhibitions, lectures, and sports events.
Vehicular ad hoc networks are gaining significant importance, as they provide
information on traffic jams, dangerous spots, obstacles, and speed controls to the
users.
3.1.2 Challenges of MANET
Following are the challenges associated with MANET [35], [36].
Quality of Service (QoS) is affected by the dynamic nature of the network, the lack of
centralized control, and radio interference.
Limited bandwidth due to continuous change in the routing process.
Limited battery power of some devices in the network.
Security concerns during data transmission arising from the dynamic nature, limited
bandwidth, and limited battery power.
3.2 VARIOUS CYBER-ATTACKS ON MANET
The aforementioned challenges help cyber attackers perform cyber-attacks on
MANET. Following are some major cyber-attacks on MANET [37]-[40].
External attacks: In this scenario, an external node that is not a part of the network
penetrates the network and performs malicious activities.
Internal attacks: In this scenario, the attacker compromises an internal node to perform
malicious activities.
Passive attacks: The attacker senses the information of all the nodes without disturbing the
communication flow and uses that sensed information to perform active attacks.
Active attacks: The attacker uses the data obtained from a passive attack and interrupts the
data flow in the network. These active attacks include both external and internal attacks. In
most cases these active attacks result in DoS attacks.
DoS attacks: The attacker breaks into the network and makes the network services unavailable
to the intended users. There are several types of DoS attacks, such as the blackhole attack,
greyhole attack, and wormhole attack.
Blackhole attack: In this attack scenario, a malicious node provides false routing
information to the source node. The malicious node presents a fake route to the source
node and makes the source node believe it is the optimal route for sending data to the
destination. During the data transmission the malicious node drops or modifies the data
packets.
Greyhole attack: In this case, the attacker extends the blackhole attack by making
the malicious node drop or modify packets for some time and behave ordinarily
for some time. This kind of situation makes it difficult to find the
malicious node.
Wormhole attack: These attacks can be performed even when the routing information is kept
confidential, authenticated, and encrypted. This attack can be made without
knowledge of the network and without compromising any nodes in the network. In this
attack, there are two or more malicious nodes in the network that create a high speed
tunnel among them, referred to as the wormhole, to drop or modify data packets.
Once a wormhole attack is successfully implemented, it is difficult to discover a new
route other than the wormhole.
3.3 ROUTING PROTOCOLS USED IN MANET
Routing protocols are used to initiate a route between source and destination for data
transmission. The responsibilities of a routing algorithm are (i) to determine the best route with
the shortest distance from source to destination, (ii) to maintain a routing table that contains the
information of all the nodes in the network, and (iii) to keep the table up to date when new nodes
join the network and old nodes leave the network. The routing protocols of MANET are
classified into two types: (a) table driven routing protocols and (b) source initiated on demand
driven routing protocols [34].
3.3.1 Table Driven Routing Protocols
These protocols enable all the communication nodes in the network to maintain
up-to-date routing information. Each node may have one or more routing tables, which help the
node to respond when there is a change in network topology, i.e., when new nodes join the
network and when nodes that previously participated in communication leave the network. There
are three types of routing protocols in this category. The three protocols differ only in how they
maintain the information in the table with respect to changes in the network. Following are the
types of table driven routing protocols.
Destination Sequenced Distance Vector routing (DSDV),
Cluster Head Gateway Switch Routing (CGSR), and
Wireless Routing Protocol (WRP).
3.3.2 Source Initiated on Demand Driven Routing Protocols
These protocols follow a different approach from table driven routing protocols. Instead of
maintaining tables for nodes, these protocols only initiate the route discovery process when it is
desired by the source node. These protocols find all the possible routes from source to
destination and select the best route to send data packets from source to destination. Following
are the types of source initiated on demand driven routing protocols.
Ad-hoc On Demand Distance Vector Algorithm (AODV),
Dynamic Source Routing (DSR),
Temporally Ordered Routing Algorithm (TORA),
Associativity Based Routing (ABR), and
Signal Stability Routing (SSR).
3.4 PROPOSED SCADA NETWORK FOR RESIDENTIAL MICROGRID COMMUNICATION
By considering the advantages of MANET, this thesis presents a SCADA
communication network with MANET for residential microgrid communication. The proposed
network is shown in Figure 3.1.
Figure 3.1: SCADA communication network with MANET.
3.4.1 Objective of the Proposed SCADA Communication Network
The objective of the proposed network is to collect data such as power consumption, power
production, and power and voltage quality from the smart meters in residential houses and EVs.
This network also helps to connect mobile system operators to the network. These
operators can provide immediate mitigation by receiving alerts on their smart phones
during emergency situations such as a power blackout in those areas. This network also
helps to establish a connection even in emergency situations such as natural disasters. The
data collected from EVs can be utilized to analyze the performance of different technologies
used in EVs by understanding the power consumption pattern with respect to speed and the
distance travelled. The major purpose of using MANET is to connect mobile communication
nodes such as mobile system operators and EVs to the network. In our proposed network, every
communication node, such as a smart meter, mobile phone, or laptop, acts as a router to find the
best path for sending data from source to base station. The proposed network does not need any
infrastructure to implement, and the network is self-configurable and self-maintainable. The
objective of the network also includes providing security to the data being transferred, as smart
meters contain sensitive information that could help other companies take them over. Smart
meters also contain consumers' personal data, which has to be secured. In order to provide cyber
security to our proposed network, we applied two IDP technologies. The details of the IDP
technologies are explained further in Chapters 4 and 5 in the context of detecting and preventing
DoS attacks.
3.5 SUMMARY
By considering the advantages of MANET in creating a reliable communication network
in a cost effective manner, Chapter 3 presented a SCADA communication network in residential
microgrid using MANETs. Chapter 3 also discussed the challenges associated with MANET that
lead to cyber threats. Next, Chapters 4 and 5 will provide security measures against the cyber
threats.
Chapter 4: MDR Approach Based IDP Technology
Chapter 4 focuses on the challenges of MANET that lead to DoS attacks. In this
chapter, an IDP technology based on the MDR approach for detecting and preventing malicious
nodes is applied to the proposed SCADA communication network (see Figure 3.1) presented in
Chapter 3.
4.1 MDR APPROACH
The MDR approach is the IDP technology used to defend against DoS attacks by detecting and
preventing malicious nodes [41]. The MDR approach comprises three stages: (i) monitoring stage,
(ii) detection stage, and (iii) rehabilitation stage.
4.1.1 Monitoring Stage
This stage monitors all the nodes in the network, and two values are determined from this
stage, i.e., Accomplished Trust Value (ATV) and Reputation Trust Value (RTV).
Accomplished Trust Value
ATV indicates that the specific task of the node is completed successfully. ATV is the
sum of ATV-1 and ATV-2 [41].
o ATV-1: If the node sends the packet to the projected destination, then ATV-1 is 0.5. If the
node fails to send the packet to the projected destination, then ATV-1 is 0.
o ATV-2: If the node sends an acknowledgement to the source node that it has received the
packet, then ATV-2 is 0.5. If it does not send an acknowledgement, then ATV-2 is 0.
o ATV = (ATV-1) + (ATV-2). If this sum is equal to 1, then the node is considered not
malicious in this stage.
Reputation Trust Value
RTV shows the reputation of the node during the data transmission. This reputation
depends on how many times the node drops packets while data is transferred through that node.
The initial value of RTV is equal to 1. If the node drops packets for the first time, the value of
RTV drops to 0.5. If the node drops packets for the second time, the value of RTV is 0.25,
and if the node drops packets for the third time, the RTV value is 0.
4.1.2 Detection Stage
This stage determines the Honesty Trust Value (HTV) of the node. Honesty of the node is
defined as the trust that the node gains from other nodes in the network. If the information
exchanged between two nodes matches the information that comes from other nodes, then HTV
is 1; otherwise HTV is 0.
Total Trust State Value (TTSV) is calculated by using the following equation [41]
TTSV = ∑ (ATV+RTV+HTV) – 2 (1)
TTSV consists of only two values. If the node is trusted, then TTSV is equal to 1, and if
the node is not trusted, then TTSV is equal to 0. Any value of TTSV that is negative
or otherwise less than 1 is considered malicious.
4.1.3 Rehabilitation Stage
Due to the dynamic nature of MANET, the nodes will not be in the same state for long.
This stage allows the malicious nodes to be used in future data transmission when they come
back to the normal state. In this stage, a periodic check of the malicious nodes is done
until the value of TTSV is equal to 1.
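The monitoring, detection, and rehabilitation stages above can be traced on a single relay node. The following Python is an added example, not code from this thesis or from [41]; the Observation record, the digest comparison used for HTV, counting an unforwarded task as a drop, and restarting the drop count at each rehabilitation check are assumptions.

```python
from dataclasses import dataclass

# RTV after 0, 1, 2 and 3-or-more packet drops (Section 4.1.1).
RTV_BY_DROPS = (1.0, 0.5, 0.25, 0.0)


@dataclass(frozen=True)
class Observation:
    """One forwarding task of a monitored node (hypothetical record layout)."""
    forwarded: bool   # packet reached the projected destination
    acked: bool       # node acknowledged receipt to the source node
    claimed: str      # digest the node reports having forwarded
    witnessed: str    # digest other nodes report seeing it forward


def atv(obs):
    """Accomplished Trust Value: ATV-1 + ATV-2, each worth 0.5."""
    return (0.5 if obs.forwarded else 0.0) + (0.5 if obs.acked else 0.0)


def rtv(drops):
    """Reputation Trust Value: 1, 0.5, 0.25, then 0 from the third drop on."""
    return RTV_BY_DROPS[min(drops, 3)]


def htv(obs):
    """Honesty Trust Value: 1 when the node's claim matches other nodes' reports."""
    return 1.0 if obs.claimed == obs.witnessed else 0.0


def ttsv(a, r, h):
    """Equation (1): total trust state value."""
    return a + r + h - 2


class MdrMonitor:
    def __init__(self):
        self.drops = {}            # node -> drops counted so far
        self.quarantined = set()   # nodes currently treated as malicious

    def _score(self, node, obs):
        if not obs.forwarded:      # assumption: an unforwarded task counts as a drop
            self.drops[node] = self.drops.get(node, 0) + 1
        return ttsv(atv(obs), rtv(self.drops.get(node, 0)), htv(obs))

    def observe(self, node, obs):
        """Monitoring and detection: any TTSV below 1 marks the node malicious."""
        score = self._score(node, obs)
        if score < 1:
            self.quarantined.add(node)
        return score

    def recheck(self, node, probe):
        """Rehabilitation: periodic check; release the node once TTSV is 1 again."""
        self.drops[node] = 0       # assumption: each check starts a fresh drop count
        score = self._score(node, probe)
        if score == 1:
            self.quarantined.discard(node)
        return score

    def route_allowed(self, route):
        """A route is usable only if it contains no quarantined node."""
        return not self.quarantined.intersection(route)


# Constructed observations for relay "n7": honest, one drop, honest again.
GOOD = Observation(True, True, "a1", "a1")
DROP = Observation(False, True, "b2", "")
SAMPLE = [GOOD, DROP, GOOD]


def demo():
    m = MdrMonitor()
    scores = [m.observe("n7", o) for o in SAMPLE]
    blocked = not m.route_allowed(["n1", "n7", "n9"])
    still_bad = m.recheck("n7", DROP)    # node has not recovered yet
    held = "n7" in m.quarantined
    recovered = m.recheck("n7", GOOD)    # node is back in its normal state
    return scores, blocked, still_bad, held, recovered, m.route_allowed(["n1", "n7", "n9"])


if __name__ == "__main__":
    print(demo())
```

The third sample task is forwarded correctly but still scores 0.5, because the earlier drop has already lowered RTV; a node that alternates between dropping and behaving normally therefore stays flagged until a rehabilitation check returns a TTSV of 1.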
4.2 APPLYING MDR APPROACH TO THE PROPOSED SCADA NETWORK
In order to prevent DoS attacks caused by malicious nodes in the network, we applied
MDR approach to our proposed SCADA network for residential microgrid communications and
this is communicated in our paper [42]. The effectiveness of MDR approach on our proposed
SCADA network is tested in two scenarios.
Scenario 1: Varying the total number of nodes from 50 to 200.
Scenario 2: Varying the data rate from 10kb/sec to 40kb/sec.
In each scenario, we simulated the network in two different cases, i.e., attack case and
intrusion detection case.
Attack case: In this case, malicious nodes are introduced into the network.
Intrusion detection case: In this case, MDR approach is applied to the network
when there are malicious nodes.
4.3 DEVELOPING THE NETWORK USING NS-2 SIMULATOR
A network similar to the proposed SCADA network for residential microgrid
communication is developed using the NS-2 simulator. The parameters of the developed network
are presented in Table 4.1. Appendix I presents the creation of MANET using NS-2.
Table 4.1: Network simulation parameters for MDR approach.
Parameter           Value
Simulator           NS-2
Number of nodes     50, 100, 150, 200
Interface type      Phy/WirelessPhy
Channel             Wireless channel
MAC type            Mac/802_11
Queue type          Queue/DropTail/PriQueue
Queue length        201 Packets
Antenna type        Omni antenna
Propagation type    Two-Ray Ground
Size of packet      Five hundred and twelve
Routing protocol    AODV
Network traffic     TCP
Nodes clustering    k-means algorithm
To avoid complexity during simulation, standard parameters are used to simulate
MANET, as shown in Table 4.1. For routing the data from source to destination, AODV is used
as the routing algorithm, as it has been proved to be an effective routing algorithm [43]-[45]. The
developed network is simulated in two scenarios with two cases in each scenario. Figure 4.1
shows the developed network in the attack case, with the malicious node that drops the packets.
Figure 4.2 shows the developed network in the intrusion detection case, where the MDR approach
is applied to defend the network from malicious nodes. Appendix II shows the addition of
malicious nodes to the AODV routing protocol.
Figure 4.1: Network under attack case.
Figure 4.2: Network under intrusion detection case.
Figure 4.3: PDR for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
4.4 RESULTS OF SCENARIO 1: BY VARYING TOTAL NUMBER OF NODES
In Scenario 1, network simulations are carried out by varying the total number of nodes
in the network to determine the effectiveness of MDR approach in detecting and preventing DoS
attacks. The network is simulated with 50, 100, 150, and 200 nodes. Figures 4.3 to 4.5 show the
effectiveness of MDR approach by presenting the performance of three major network
parameters, i.e., Packet Delivery Ratio (PDR), network throughput, and delay.
PDR is defined as the ratio of number of packets sent from the source node to the number
of packets delivered to the destination node.
Network throughput is defined as the rate of data successfully delivered to the destination
node.
Delay is the time taken for the packet to reach destination node from the source node.
Figure 4.4: Throughput for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
Figure 4.5: Delay for attack case (red line) and intrusion detection case (blue line) in Scenario-1.
Figure 4.6: PDR for attack case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 4.3 shows that PDR is higher in the intrusion detection case than in the attack case. PDR
reaches 100 percent in the intrusion detection case when there are 200 nodes in the network.
Figure 4.4 shows that network throughput is higher in the intrusion detection case than in the
attack case. Throughput is maximum, i.e., 40 kb/sec, when the total number of nodes is 200.
Figure 4.5 shows that delay is higher in the attack case than in the intrusion detection case. As
can be seen in Figure 4.5, delay in the attack case is steady for 50, 100, 150, and 200 nodes. In
the intrusion detection case, the delay increases slightly as the number of nodes that participate
in communication for sending the data packets from source to destination increases.
4.5 RESULTS OF SCENARIO 2: BY VARYING DATA RATE
In Scenario 2, the network simulations are carried out by varying the data rate from 10
kb/sec to 40 kb/sec. Figures 4.6 to 4.8 show the performance of proposed communication
network under this scenario by considering the parameters such as PDR, Network throughput,
and delay.
Figure 4.7: Throughput for attack case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 4.8: Delay for attack case (red line) and intrusion detection case (blue line) in Scenario-2.
Figure 4.6 shows that PDR for the intrusion detection case is greater than the PDR for the attack
case. The PDR in the attack case is very low when the data rate is increased to 40 kb/sec. PDR is
high in the intrusion detection case when the data rate is increased to 40 kb/sec. Figure 4.7 shows
that throughput is steady for both cases for data rates up to 30 kb/sec. However, after
30 kb/sec, there is a sudden fall in the throughput for the attack case. Similarly, we can also
observe in Figure 4.7 that throughput increases steadily with an increase in data rate even after
30 kb/sec for the intrusion detection case. Figure 4.8 shows that delay in the attack case is very
high with the increase in data rate, whereas delay in the intrusion detection case is very low.
4.6 SUMMARY
Chapter 4 presented the MDR approach to detect and prevent malicious nodes in the
proposed network presented in Chapter 3. The focus of Chapter 4 was to test the effectiveness of
the MDR approach in defending against malicious nodes. The MDR approach was applied to the
network developed using the NS-2 simulator, and its efficiency was tested by introducing
malicious nodes into the developed network. Test results¹ obtained from two scenarios
(Scenario 1: varying total number of nodes and Scenario 2: varying data rate) demonstrate that
the MDR approach is effective in detecting and preventing malicious nodes, which lead to DoS
attacks.
¹ Research findings of this chapter are communicated in an IEEE co-sponsored and peer-reviewed
conference as indicated below:
G. K. Chalamasetty, P. Mandal, and B. Tseng, “Secure SCADA communication network for detecting and
preventing cyber-attacks on power systems,” in Proc. 2016 Clemson University Power System Conference,
PSC 2016, Co-sponsored by IEEE, Clemson University, Clemson, SC, March 8-11, 2016.
Chapter 5: Proposed IDP Technology Based on Secure Knowledge Algorithm
In Chapter 4, we applied the MDR approach, which detects and prevents malicious nodes that
may lead to DoS attacks in the proposed SCADA communication network (see Figure 3.1)
discussed in Chapter 3. Chapter 5 proposes an IDP technology, i.e., SKA, which is
based on the secure knowledge algorithm with the addition of anomaly detection. SKA detects
and prevents DoS attacks such as blackhole attacks and anomaly attacks in the proposed SCADA
network.
5.1 PROPOSED SKA TECHNOLOGY
The benefits of identifying both known and unknown attacks are discussed in [46]. By
considering those benefits, this thesis proposes an IDP technology, i.e., SKA, which is
communicated in our paper [47]. The secure knowledge algorithm is a simple and effective method
to defend against blackhole attacks during the AODV routing process in the network, and is
discussed in detail in [48]. The blackhole attack in AODV works as follows: when the source node
sends a Route Request (RREQ) to all the nodes in the network, the blackhole attacked node
immediately responds to the source node with a false Route Reply (RREP) claiming that it has the
optimal route to send packets to the destination. During the data transmission from source node
to destination node, the blackhole attacked node absorbs all the packets and drops them without
sending them to the destination. The secure knowledge algorithm makes each node in the network
monitor its neighboring nodes, and each node in the network keeps a data table, which contains
the data packets forwarded by neighboring nodes. Consider a malicious node among the
intermediate nodes in the network during the route discovery process. The intermediate node
forwards the RREP from the destination to the malicious node, and then the malicious node sends
the information received from the intermediate node to the source node. The neighboring nodes
store two types of information in their table: (i) the packet forwarded by the intermediate node
and (ii) the packet forwarded by the malicious node. As the malicious node modifies or drops the
packets received from intermediate nodes, the two types of information stored in neighboring
nodes do not match. The neighboring nodes immediately report the malicious node to all the nodes
in the network. This process helps the source node keep the malicious node from participating in
data transmission.
Furthermore, when the optimal route for sending the data from source to destination has been
discovered using the secure knowledge algorithm, there is a possibility that a man-in-the-middle
attack or some anomaly attack compromises a node so that it drops packets during data
transmission. To account for those anomaly attacks, one more step is added to the IDP technology,
i.e., anomaly detection, which helps to detect packet dropping after the optimal path is
discovered. During these anomaly attacks, neighboring nodes detect the attacked node that drops
packets and report it to all the remaining nodes in the network. The data flow from source to
destination is shown in Figure 5.1.
Figure 5.1: Flowchart of the proposed IDP technology.
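The neighbor-monitoring check and the follow-up anomaly detection described above can be modeled offline as follows. This is an added Python example, not the thesis code or NS-2 code; the topology, node names, packet payloads, and the 0.8 forwarding-ratio threshold are assumptions made for the illustration.

```python
from collections import defaultdict, deque
import hashlib

MIN_FORWARD_RATIO = 0.8  # assumed threshold; the thesis gives no numeric value


def fingerprint(payload: bytes) -> str:
    """Short digest a monitor stores instead of the whole packet."""
    return hashlib.sha256(payload).hexdigest()[:16]


class Monitor:
    """Data table one node keeps about the neighbors it can overhear."""

    def __init__(self):
        self.received = defaultdict(dict)   # watched -> {pkt_id: digest handed to it}
        self.forwarded = defaultdict(dict)  # watched -> {pkt_id: digest it sent on}

    def saw_handover(self, watched, pkt_id, payload):
        self.received[watched][pkt_id] = fingerprint(payload)

    def saw_forward(self, watched, pkt_id, payload):
        self.forwarded[watched][pkt_id] = fingerprint(payload)

    def audit(self, watched):
        """Compare the two kinds of entries; return a report, or None if they match."""
        got, sent = self.received[watched], self.forwarded[watched]
        if not got:
            return None
        dropped = sorted(p for p in got if p not in sent)
        modified = sorted(p for p in got if p in sent and sent[p] != got[p])
        ratio = (len(got) - len(dropped) - len(modified)) / len(got)
        if modified or ratio < MIN_FORWARD_RATIO:
            return {"node": watched, "dropped": dropped,
                    "modified": modified, "forward_ratio": ratio}
        return None


class Network:
    def __init__(self, links):
        self.links = links      # next-hop lists; list order = discovery preference
        self.blacklist = set()  # nodes reported to every node in the network

    def broadcast(self, report):
        if report:
            self.blacklist.add(report["node"])

    def route(self, src, dst):
        """Breadth-first route discovery that skips reported nodes."""
        queue, seen = deque([[src]]), {src}
        while queue:
            path = queue.popleft()
            if path[-1] == dst:
                return path
            for nxt in self.links[path[-1]]:
                if nxt not in seen and nxt not in self.blacklist:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None


def run_scenario():
    # Constructed topology: M is the blackhole, B misbehaves after route selection.
    links = {"S": ["A"], "A": ["M", "B", "C"], "M": ["D"], "B": ["D"],
             "C": ["E"], "E": ["D"], "D": []}
    net, watcher = Network(links), Monitor()
    routes = [net.route("S", "D")]            # first route runs through M

    # Phase 1: M receives ten packets and forwards none of them.
    for i in range(10):
        watcher.saw_handover("M", i, b"meter-reading-%d" % i)
    net.broadcast(watcher.audit("M"))
    routes.append(net.route("S", "D"))        # route now avoids M

    # Phase 2: B is on the selected route and silently drops 4 of 10 packets.
    for i in range(10):
        payload = b"meter-reading-%d" % i
        watcher.saw_handover("B", i, payload)
        if i % 5 not in (0, 1):
            watcher.saw_forward("B", i, payload)
    net.broadcast(watcher.audit("B"))
    routes.append(net.route("S", "D"))        # route now avoids M and B
    return routes, sorted(net.blacklist)


if __name__ == "__main__":
    print(run_scenario())
```

The model treats a report as trusted by every node; it does not cover a monitor that lies or one that is out of radio range of the watched node.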
5.2 DEVELOPING THE PROPOSED SCADA COMMUNICATION NETWORK USING NS-2
The proposed SCADA communication network shown in Figure 3.1 is developed using
NS-2 simulator. Table 5.1 presents the parameters of the developed network.
Table 5.1: Network simulation parameters for proposed IDP technology.
Parameter            Value
Simulator            NS-2
Number of nodes      50
Interface type       Phy/WirelessPhy
Channel              Wireless channel
MAC type             Mac/802_11
Queue type           Queue/DropTail/PriQueue
Queue length         201 Packets
Antenna type         Omni antenna
Propagation type     Two-Ray Ground
Size of packet       Five hundred and twelve
Routing protocol     AODV
Network traffic      TCP
Nodes clustering     k-means algorithm
The blackhole attacked node is added to the network as shown in Appendix III [49].
Furthermore, the node that is prone to an anomaly attack that results in packet dropping is
added to the network as shown in Appendix II. The proposed IDP technology, i.e., SKA, is applied
to the attacked network to evaluate its effectiveness in defending the network from blackhole
and anomaly attacks.
5.3 DATA FLOW UNDER SKA
The data flow from source to destination node is shown in Figures 5.2 to 5.6 using the NS-2
simulator.
Figure 5.2 shows the route discovery process for sending data from source to destination.
Figure 5.3 shows the detection of black hole attacked node by using a secure knowledge
algorithm.
Figure 5.2: Route discovery using AODV.
Figure 5.3: Detection of blackhole attacked node.
Figure 5.4 shows the optimal route selected for sending data from source to destination
by avoiding blackhole attacked node.
Figure 5.5 shows the identification of misbehaving node caused by anomaly attacks after
the optimal route is selected for data transmission.
Figure 5.4: Optimal route for sending data to destination.
Figure 5.5: Identification of misbehaving node.
Figure 5.6 shows the optimal route by avoiding both black hole attacked node and the
misbehaving node caused by anomaly attack.
5.4 RESULTS AND DISCUSSION
Figures 5.7 to 5.9 present the effectiveness of the proposed IDP technology in detecting
and preventing blackhole attacks and other anomaly attacks that result in packet dropping.
Results are displayed by considering the major network parameters such as PDR, network
throughput, and delay.
Figure 5.7 shows that PDR is constantly increasing with respect to the number of nodes.
PDR reaches its maximum value when the nodes are increased to 50.
Figure 5.8 shows the network throughput, which is increasing with respect to the number
of nodes in the network, when the data rate is 70kb/sec.
Figure 5.9 shows that the delay in the network decreases when the number of nodes is
increased.
Figure 5.6: Optimal route with trusted communication nodes.
Figure 5.7: PDR with the application of SKA.
Figure 5.8: Network throughput with the application of SKA.
Figures 5.7 to 5.9 demonstrated that the proposed IDP technology, i.e., SKA is effective
in detecting and preventing blackhole attacks and other anomaly attacks.
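The three metrics reported above can be computed from the trace file that the NS-2 script writes. The following is an added Python example, not the thesis's evaluation script; it assumes the old NS-2 wireless trace layout, the usual definitions of PDR, throughput (in kbit/s) and end-to-end delay, and a constructed trace sample.

```python
from collections import Counter

# Constructed sample (not thesis data). Old wireless trace layout:
# event time _node_ layer reason pkt_id type size [mac] ------- [ip] ...
SAMPLE_TRACE = """\
s 0.900000 _0_ RTR --- 0 AODV 48 [0 0 0 0] ------- [0:255 -1:255 30 0] [0x2 1 1 [4 0] [0 4]] (REQUEST)
s 1.000000 _0_ AGT --- 10 tcp 512 [0 0 0 0] ------- [0:0 4:0 32 0] [0 0] 0 0
r 1.020000 _4_ AGT --- 10 tcp 512 [13a 4 2 800] ------- [0:0 4:0 30 4] [0 0] 2 0
s 1.030000 _4_ AGT --- 20 ack 40 [0 0 0 0] ------- [4:0 0:0 32 0] [0 0] 0 0
s 1.100000 _0_ AGT --- 11 tcp 512 [0 0 0 0] ------- [0:0 4:0 32 0] [1 0] 0 0
r 1.130000 _4_ AGT --- 11 tcp 512 [13a 4 2 800] ------- [0:0 4:0 30 4] [1 0] 2 0
s 1.200000 _0_ AGT --- 12 tcp 512 [0 0 0 0] ------- [0:0 4:0 32 0] [2 0] 0 0
D 1.210000 _2_ RTR LOOP 12 tcp 512 [13a 2 1 800] ------- [0:0 4:0 31 2] [2 0] 1 0
s 1.300000 _0_ AGT --- 13 tcp 512 [0 0 0 0] ------- [0:0 4:0 32 0] [3 0] 0 0
r 1.340000 _4_ AGT --- 13 tcp 512 [13a 4 2 800] ------- [0:0 4:0 30 4] [3 0] 2 0
this line is truncated or malformed
"""


def parse_line(line):
    """Return the leading fields of one trace line, or None if it is unusable."""
    f = line.split()
    if len(f) < 8 or f[0] not in ("s", "r", "f", "D"):
        return None
    try:
        return {"event": f[0], "time": float(f[1]), "node": f[2].strip("_"),
                "layer": f[3], "reason": f[4], "pkt_id": int(f[5]),
                "type": f[6], "size": int(f[7])}
    except ValueError:
        return None


def metrics(trace_text, data_type="tcp"):
    """PDR, average end-to-end delay (s), throughput (kbit/s), drops per node."""
    sent, recv, drops = {}, {}, Counter()
    rx_bytes = 0
    for line in trace_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["type"] != data_type:
            continue  # skip routing packets, ACKs and damaged lines
        if rec["event"] == "s" and rec["layer"] == "AGT":
            sent.setdefault(rec["pkt_id"], rec["time"])
        elif rec["event"] == "r" and rec["layer"] == "AGT":
            if rec["pkt_id"] not in recv:      # count each packet once
                recv[rec["pkt_id"]] = rec["time"]
                rx_bytes += rec["size"]
        elif rec["event"] == "D":
            drops[(rec["node"], rec["reason"])] += 1

    delivered = [p for p in recv if p in sent]
    delays = [recv[p] - sent[p] for p in delivered]
    span = max(recv.values()) - min(sent.values()) if delivered else 0.0
    return {
        "sent": len(sent),
        "delivered": len(delivered),
        "pdr": len(delivered) / len(sent) if sent else 0.0,
        "avg_delay_s": sum(delays) / len(delays) if delays else 0.0,
        "throughput_kbps": rx_bytes * 8 / span / 1000 if span > 0 else 0.0,
        "drops": dict(drops),   # which node dropped data packets, and why
    }


if __name__ == "__main__":
    print(metrics(SAMPLE_TRACE))
```

The per-node drop counter is the part that matters for the IDP evaluation: a node that accumulates router-level drops of data packets on a selected route is the one the neighbors should be reporting.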
5.5 SUMMARY
Chapter 5 presented an IDP technology, i.e., SKA, which is used to defend against DoS attacks
such as blackhole attacks and anomaly attacks that result in packet dropping. The proposed
SCADA communication network (see Figure 3.1) is developed using the NS-2 simulator. SKA is the
proposed IDP technology, and it is applied to the network when a blackhole attacked node and
an anomaly attacked node are introduced into the network. Test results² demonstrated that the
proposed IDP technology is highly effective in defending against blackhole and anomaly attacks.
² Research findings of this chapter are communicated to an international journal as indicated below:
G.K. Chalamasetty, P. Mandal, and B. Tseng, “SCADA framework incorporating MANET and IDP for
cyber security of residential microgrid communication network,” Smart Grid and Renewable Energy, Vol.
7, No. 3, pp. 104-112, 2016.
Figure 5.9: Delay with the application of SKA.
Chapter 6: Conclusions and Recommendations for Future Work
Chapter 6 concludes the major contributions of this thesis in developing a reliable and
secure SCADA system for residential microgrid communications. This chapter also provides
recommendations for the future work.
6.1 SUMMARY AND CONCLUSION
This thesis proposed a SCADA communication network using MANET. In this
thesis, we applied two IDP technologies, i.e., the MDR approach and SKA, in order to detect and
prevent various DoS attacks on the proposed network. The summary of this thesis is outlined
below.
Chapter 1 presented the research motivation, background, and the challenging role of
SCADA system as the DG made the power system more complex. Additionally, this
chapter presented the need for providing security to smart meter communications.
Chapter 2 presented the literature review of vulnerabilities present in the current SCADA
system and discussed the possible cyber-attacks that can be performed on the SCADA
system due to the existing vulnerabilities. This chapter also recommended to integrate
ACT into the current SCADA system by presenting the benefits of using ACT.
Chapter 3 presented the study of MANET, which is one of the ACT discussed in Chapter
3. This chapter focused on presenting the advantages and challenges associated with
MANET. Furthermore, this chapter contributed to propose a SCADA network for
residential microgrid communications using MANET.
Chapter 4 considered the challenges of MANET that lead to cyber-attacks and applied
MDR approach based IDP technology for detecting and preventing malicious nodes that
cause DoS attacks. Test results presented and discussed in Chapter 4 demonstrated that
MDR approach is effective in detecting and preventing malicious nodes.
Chapter 5 proposed an IDP technology, i.e., SKA, for detecting and preventing DoS
attacks such as blackhole attacks and anomaly attacks that lead to packet dropping. Test
results demonstrated that SKA is highly effective in detecting and preventing blackhole
attacks and anomaly attacks that result in packet dropping.
6.2 RECOMMENDATIONS FOR FUTURE WORK
This thesis focused only on DoS attacks. In future work, it would be interesting to consider
other cyber-attacks on MANET, such as wormhole and greyhole attacks. Furthermore,
during the simulation of the network under SKA, only 50 nodes are considered in the proposed
SCADA network. In future work, the number of nodes can be increased to determine the
effectiveness of SKA in larger networks. Moreover, it would also be interesting in future
work to (i) determine the effectiveness of the proposed network when
two or more ACT are integrated into the SCADA communication network and (ii) develop
new IDP technology that defends the ACT network from cyber-attacks.
The list of abbreviations used in this thesis and the technical specifications of the PC used
for simulation purposes are shown in Appendices IV and V, respectively.
References
[1] M. Van der Hoeven, “World Energy Outlook 2013,” International Energy Agency: Tokyo,
Japan (2013).
[2] C.W. Potter, A. Archambault, and K. Westrick, “Building a smarter smart grid through
better renewable energy information,” in Proc. 2009 Power Systems Conference and
Exposition, 2009. PSCE'09. IEEE/PES, pp. 1-5, 2009.
[3] “Smart Grid: How does it work and why do we need it,” Environmental and energy study
institute, January 8, 2009. Online available: http://www.eesi.org/briefings/view/smart-grid-
how-does-it-work-and-why-do-we-need-it?/smart-grid-how-does-it-work-and-why-do-we-
need-it-08-jan-2009.
[4] X. Fang, S. Misra, G. Xue, and D. Yang, “Smart grid—The new and improved power grid:
A survey,” Communications Surveys & Tutorials, IEEE, Vol. 14, No. 4, pp. 944-980, 2012.
[5] T.H. Kim, “SCADA architecture with mobile remote components,” WSEAS Transactions
on Systems and Control, Vol. 5, No. 8, pp. 611-622, 2010.
[6] W. Wang, Y. Xu, and M. Khanna, “A survey on the communication architectures in smart
grid,” Computer Networks, Vol.55, No. 15, pp. 3604-3629, 2011.
[7] D. Roberts, “Utilities for dummies, part 2: Why we need competitive electricity markets,”
May 23, 2013. Online available: http://grist.org/climate-energy/utilities-for-dummies-part-
2-why-we-need-competitive-electricity-markets-with-fennecs/
[8] E. McKenna, I. Richardson, and M. Thomson, “Smart meter data: Balancing consumer
privacy concerns with legitimate applications,” Energy Policy 41, pp. 807-814, 2012.
[9] V. Sridharan, “Cyber security in power systems,” A Thesis Presented to the Academic
Faculty, Georgia Institute of Technology, May 2012.
[10] S. Rudrapattana, “Cyber-security analysis in smart grid SCADA systems: A game theoretic
approach,” PhD diss., Texas Tech University, 2013.
[11] J.D. Fernandez, and A. E. Fernandez, “SCADA systems: vulnerabilities and
remediation,” Journal of Computing Sciences in Colleges, Vol. 20, No. 4, pp. 160-168,
2005.
[12] M. Wei, and Z. Chen, “Reliability analysis of cyber security in an electrical power system
associated WAN,” in Proc. 2012 Power and Energy Society General Meeting, IEEE, pp. 1-
6, 2012.
[13] K. Tweed, “Attack on California substation fuels grid security debate,” IEEE spectrum,
2014. [Online]. Available: http://spectrum.ieee.org/energywise/energy/the-smarter-
grid/attack-on-california-substation-fuels-grid-security-debate
[14] K. Tweed, “Attack on nine substations could take down U.S. grid,” IEEE spectrum, 2014.
[Online]. Available: http://spectrum.ieee.org/energywise/energy/the-smarter-grid/attack-on-
nine-substations-could-take-down-us-grid.
[15] J.D. Fernandez, and A. E. Fernandez, “SCADA systems: vulnerabilities and
remediation,” Journal of Computing Sciences in Colleges, Vol. 20, No. 4, pp. 160-168,
2005.
[16] C.W. Ten, C.C. Liu, and G. Manimaran, “Vulnerability assessment of cybersecurity for
SCADA systems,” IEEE Transactions on Power Systems, Vol. 23, No. 4, pp. 1836-1846,
2008.
[17] M. Wei, and Z. Chen, “Reliability analysis of cyber security in an electrical power system
associated WAN,” in Proc. 2016 Power and Energy Society General Meeting, IEEE, pp. 1-
6, 2012.
[18] I.N. Fovino, L. Guidi, M. Masera, and A. Stefanini, “Cyber security assessment of a power
plant,” Electric Power Systems Research, Vol. 81, No. 2, pp. 518-526, 2011.
[19] G. N. Ericsson, “Cyber security and power system communication—essential parts of a
smart grid infrastructure,” IEEE Transactions on Power Delivery, Vol. 25, No. 3, pp. 1501-
1507, 2010.
[20] R. Mahmud, R. Vallakati, A. Mukherjee, P. Ranganathan, and A. Nejadpak, “A survey on
smart grid metering infrastructures: Threats and solutions,” in Proc. 2015
Electro/Information Technology (EIT), International Conference, IEEE, pp. 386-391, 2015.
[21] M. T. O. Amanullah, A. Kalam, and A. Zayegh, “Network security vulnerabilities in
SCADA and EMS,” in Proc. 2005 Transmission and Distribution Conference and
Exhibition: Asia and Pacific, IEEE/PES, pp. 1-6, 2005.
[22] M. Rihan, M. Ahmad and M. Beg, “Vulnerability Analysis of wide area measurement
system in the smart grid,” Smart Grid and Renewable Energy, Vol. 4 No. 6A, pp. 1-7,
2013.
[23] R. Mahmud, R. Vallakati, A. Mukherjee, P. Ranganathan, and A. Nejadpak, “A survey on
smart grid metering infrastructures: Threats and solutions,” in Proc. 2015
Electro/Information Technology (EIT), International Conference, IEEE, pp. 386-391, 2015.
[24] N.R. Kumar, P. Mohanapriya, and M. Kalaiselvi, “Development of an attack-resistant and
secure SCADA system using WSN, MANET, and Internet,” International Journal of
Advanced Computer Research, Vol. 4, No. 2, p. 627, 2014.
[25] T.H. Kim, “SCADA architecture with mobile remote components,” WSEAS Transactions
on Systems and Control, Vol. 5, No. 8, pp. 611-622, 2010.
[26] C. Alcaraz, J. Lopez, J. Zhou, and R. Roman, “Secure SCADA framework for the
protection of energy control systems,” Concurrency and Computation: Practice and
Experience, Vol. 23, No. 12, pp. 1431-1442, 2011.
[27] P.P. Parik, M.G. Kanabar, and T.S. Sidhu, “Opportunities and challenges of wireless
communication technologies for smart grid applications,” in Proc. 2010 Power and Energy
Society General Meeting, IEEE, pp. 1-7, 2010.
[28] A. Baayer, N. Enneya and M. Elkoutbi, “Enhanced timestamp discrepancy to limit impact
of replay attacks in MANETs,” Journal of Information Security, Vol. 3 No. 3, pp. 224-230,
2012.
[29] J. Gao, Y. Xiao, J. Liu, W. Liang, and C.P. Chen, “A survey of
communication/networking in smart grids,” Future Generation Computer Systems, Vol. 28,
No. 2, pp. 391-404, 2012.
[30] A. Chakrabarti, and G. Manimaran, “Internet infrastructure security: A taxonomy,”
Network, IEEE, Vol. 16, No. 6, pp. 13-2, 2002.
[31] R. Sule, R. S. Katti, and R. G. Kavasseri, “A variable length fast Message Authentication
Code for secure communication in smart grids,” in Proc. 2012 Power and Energy Society
General Meeting, IEEE, pp. 1-6, 2012.
[32] K. Scarfone, and P. Mell, “Guide to intrusion detection and prevention systems
(idps),” NIST special publication, Vol. 800, No. 2007, p. 94, 2007.
[33] H. Deng, W. Li, and D. P. Agrawal, “Routing security in wireless ad hoc
networks,” Communications Magazine, IEEE, Vol. 40, No. 10, pp. 70-75, 2002.
[34] D. Sumyla, “Mobile Ad-hoc Networks (manets),” March 20, 2006.
[35] D. Helen and D. Arivazhagan, “Applications, advantages and challenges of ad hoc
networks,” JAIR, Vol. 2, No. 8, pp. 453-7, 2014.
[36] R. Ali and F. Zafar, “Bandwidth estimation in mobile ad-hoc network
(MANET),” International Journal of Computer Science Vol. 8, No. 5, 2011.
[37] P. M. Jawandhiya, M. M. Ghonge, M. S. Ali, and J. S. Deshpande, “A survey of mobile ad
hoc network attacks,” International Journal of Engineering Science and Technology, Vol.
2, No. 9, pp. 4063-4071, 2010.
[38] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, and A. Jamalipour, “A survey of
routing attacks in mobile ad hoc networks,” Wireless communications, IEEE, Vol. 14, No.
5, pp. 85-91, 2007.
[39] S. Boora, Y. Kumar, and B. Kochar, “A Survey on Security Issues in Mobile Ad-hoc
Networks,” IJCSMS International Journal of Computer Science and Management Studies,
August 2011.
[40] R. H. Jhaveri, S. J. Patel, and D. C. Jinwala, “DoS attacks in mobile ad hoc networks: A
survey,” in Proc. 2012 Advanced Computing & Communication Technologies (ACCT),
Second International Conference on, pp. 535-541, 2012.
[41] A. Alsumayt, and J. Haggerty, “Using trust based method to detect DoS Attack in
MANETs,” PGNet: The convergence of Networking, Broadcasting, and
Telecommunications, UK, 2014.
[42] G.K. Chalamasetty, P. Mandal, and B. Tseng, “Secure SCADA communication network
for detecting and preventing cyber-attacks on power systems,” in Proc. 2016 Clemson
University Power System Conference, PSC 2016, Co-sponsored by IEEE, Clemson
University, Clemson, SC, March 8-11, 2016.
[43] A. K. Gupta, H. Sadawarti, and A. K. Verma, “Performance analysis of AODV, DSR &
TORA routing protocols,” International Journal of Engineering and Technology, Vol. 2,
No. 2, p. 226, 2010.
[44] N. S. M. Usop, A. Abdullah, and A. F. A. Abidin, “Performance evaluation of AODV,
DSDV & DSR routing protocol in grid environment,” IJCSNS International Journal of
Computer Science and Network Security, Vol. 9, No. 7, pp. 261-268, 2009.
[45] M. Bouhorma, H. Bentaouit, and A. Boudhir, “Performance comparison of ad-hoc routing
protocols AODV and DSR,” in Proc. 2009 Multimedia Computing and Systems,
ICMCS'09. International Conference on, IEEE, pp. 511-514, 2009.
[46] Tesfahun, and D.L. Bhaskari, “Effective hybrid intrusion detection system: A layered
approach,” International Journal of Computer Network and Information Security
(IJCNIS), Vol. 7, No. 3, pp. 35, 2015.
[47] G.K. Chalamasetty, P. Mandal, and B. Tseng, “SCADA framework incorporating MANET
and IDP for cyber security of residential microgrid communication network,” Smart Grid
and Renewable Energy, Vol. 7, No. 3, pp. 104-112, 2016.
[48] Siddiqua, K. Sridevi, and A.A.K. Mohammed, “Preventing black hole attacks in MANETs
using secure knowledge algorithm,” in Proc. 2015 SPACES, International Conference,
IEEE, pp. 421-425, 2015.
[49] S. Dokurer, “Simulation of Black hole attack in wireless Ad-hoc networks,” A Thesis
Presented to the Academic Faculty, Atılım University, 2006.
Appendix I
Sample NS-2 Code for Creating MANET
Different scripts are written to generate the MANET for different numbers of
nodes. Appendix I provides sample code showing how to develop a MANET using NS-2.
# Define options
# Entries in angle brackets (<value>, <node number>, <time>, file names) are
# placeholders to be filled in for each scenario.
set val(chan) Channel/WirelessChannel; # this declares channel type
set val(prop) Propagation/TwoRayGround; # this declares radio propagation model
set val(netif) Phy/WirelessPhy; # this declares network interface type
set val(mac) Mac/802_11; # this declares MAC type
set val(ifq) Queue/DropTail/PriQueue; # this declares interface queue type
set val(ll) LL; # this declares link layer type
set val(ant) Antenna/OmniAntenna; # this declares antenna model
set val(ifqlen) 512; # this declares the maximum number of packets in ifq
set val(nn) 50; # this declares number of mobile nodes
set val(rp) AODV; # this declares the routing protocol
set val(x) 1000; # this declares the topography of X dimension
set val(y) 1000; # this declares the topography of Y dimension
set val(stop) <value>; # this declares the simulation end time
set ns [new Simulator]
set tracefd [open <trace file name>.tr w]
set namtrace [open <nam file>.nam w]
$ns trace-all $tracefd
$ns namtrace-all-wireless $namtrace $val(x) $val(y)
# set topography
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)
create-god $val(nn)
# Configuration of nodes
# The last six options define the energy model of all nodes
# Energy=power*time
$ns node-config -adhocRouting $val(rp) \
    -llType $val(ll) \
    -macType $val(mac) \
    -ifqType $val(ifq) \
    -ifqLen $val(ifqlen) \
    -antType $val(ant) \
    -propType $val(prop) \
    -phyType $val(netif) \
    -channelType $val(chan) \
    -topoInstance $topo \
    -agentTrace ON \
    -routerTrace ON \
    -macTrace OFF \
    -movementTrace OFF \
    -energyModel EnergyModel \
    -initialEnergy <value> \
    -txPower <value> \
    -rxPower <value> \
    -idlePower <value> \
    -sensePower <value>
# Define node initial energy value
$n(<node number>) set initialEnergy <value>
# Setting the node initial position
$n(<node number>) set X_ <value>
$n(<node number>) set Y_ <value>
# Defining transport agent by setting a TCP connection between nodes
set tcp [new Agent/TCP/Newreno]
set sink [new Agent/TCPSink]
$ns attach-agent $n(<node number>) $tcp
$ns attach-agent $n(<node number>) $sink
$ns connect $tcp $sink
# Defining application agent
set cbr [new Application/Traffic/CBR]
# Attaching transport agent to application agent
$cbr attach-agent $tcp
# Define packet size and interval in seconds
$cbr set packetSize_ 512
$cbr set interval_ 0.1
# Generation time of data packet
$cbr set packetSize_ 512
$cbr set interval_ <value>
# CBR start time
$ns at <value> "$cbr start"
# CBR stop time
$ns at <value> "$cbr stop"
# Labelling the nodes
$ns at <time> "$n(<node number>) label source"
$ns at <time> "$n(<node number>) label Destination"
$ns at <time> "$n(<node number>) label \"malicious node\""
$ns at <time> "$n(<node number>) label \"base station\""
$ns at <time> "$n(<node number>) label \"attacked node\""
# Defining the new location of the mobile nodes
$ns at <time> "$n(<node number>) setdest <X-location> <Y-location> <node movement speed in m/sec>"
# Defining the simulation end time to all nodes
for {set i 0} {$i < $val(nn)} {incr i} {
    $ns at $val(stop) "$n($i) reset";
}
# Ending the simulation and nam
$ns at $val(stop) "$ns nam-end-wireless $val(stop)"
$ns at $val(stop) "stop"
$ns at <time> "puts \"end simulation\"; $ns halt"
proc stop {} {
    global ns tracefd namtrace
    $ns flush-trace
    close $tracefd
    close $namtrace
    exec nam <nam file>.nam
}
proc finish {} {
    exec xgraph <trace file name>.tr
}
$ns run
Appendix II
Addition of Malicious Node
Appendix II provides steps for the modification of the AODV routing protocol for adding
malicious nodes into the network. In order to add a malicious node to AODV, two files need
modification, i.e., (i) aodv.h and (ii) aodv.cc.
i. The following modifications are made in aodv.h
In the AODV class, add the Boolean variable malicious.
class AODV: public Agent
{
..........
bool malicious;
……..
};
ii. The following modifications are made in aodv.cc
Inside the constructor, initialize the malicious variable with the value false as shown
below.
AODV::AODV (nsaddr_t id):Agent(PT_AODV)…
{
.……
malicious = false;
}
In the “if(argc==2)” statement, add the following lines
if(strcmp(argv[1], "malicious") == 0) {
malicious = true;
return TCL_OK;
}
The behavior of the malicious node is implemented by adding the following code in the “void
AODV::rt_resolve(Packet *p)” function.
if(malicious==true)
{
drop(p,DROP_RTR_ROUTE_LOOP);
}
In the tcl code, add the following command after packet transmission.
$ns at <time> "[$node_(<node number>) set ragent_] malicious"
Appendix III
Addition of Blackhole Attacked Node
Appendix III presents the addition of a blackhole attacked node into the network by the
modification of the aodv.cc file. For this, all the folder names of AODV are changed to
blackholeaodv.cc, blackholeaodv.h, blackholeaodv.tcl, blackholeaodv_rqueue.cc,
blackholeaodv_rqueue.h. aodv_packet.h is exempted from the modifications, and the changes made
to the remaining files are listed below.
The file “\tcl\lib\ns-lib.tcl” is modified as follows
blackholeAODV {
set ragent [$self create-blackholeaodv-agent $node]
}
Simulator instproc create-blackholeaodv-agent { node } {
set ragent [new Agent/blackholeAODV [$node node-addr]]
$self at 0.0 "$ragent start" ;# start BEACON/HELLO Messages
$node set ragent_ $ragent
return $ragent
}
The second file to be edited is “\makefile”, which is in the root directory of NS-2.
blackholeaodv/blackholeaodv_logs.o blackholeaodv/blackholeaodv.o \
blackholeaodv/blackholeaodv_rtable.o blackholeaodv/blackholeaodv_rqueue.o \
In baodv.cc add following statement
if ( (u_int32_t)ih->saddr() == index)
forward((blackholeaodv_rt_entry*) 0, p, NO_DELAY);
else
drop(p, DROP_RTR_ROUTE_LOOP);
The case statements of the recvRequest function are modified as follows
case AODVTYPE_RREQ:
    recvRequest(p);
    break;
case AODVTYPE_RREP:
    recvReply(p);
    break;
case AODVTYPE_RERR:
    recvError(p);
    break;
case AODVTYPE_HELLO:
    recvHello(p);
    break;
default:
    fprintf(stderr, "Invalid blackholeAODV type (%x)\n", ah->ah_type);
    exit(1);
The recvRequest function “(bAODV::recvRequest(Packet *p))” is modified by
changing the parameter sequence number to a very large number.
sendReply(rq->rq_src, // IP Destination
1, // Hop Count
index, // Dest IP Address
4294967295, // Highest Dest Sequence Num
MY_ROUTE_TIMEOUT, // Lifetime
rq->rq_timestamp); // timestamp
Appendix IV
List of Abbreviations
ACT: Advanced Communication Technologies
ABR: Associatively Based Routing
AODV: Ad hoc on demand Distance Vector
ATV: Accomplished Trust Value
CGSR: Cluster head Gateway Switch Routing
DDoS: Distributed Denial of Service
DG: Distributed Generation
DNS: Domain Name System
DoS: Denial of Service
DSDV: Destination Sequenced Distance Vector
DSR: Dynamic Source Routing
ESS: Energy Storage Systems
EV: Electric Vehicles
FERC: Federal Energy Regulation Commission
GHG: Greenhouse Gas
GUI: Graphical User Interface
HMI: Human Machine Interface
HTV: Honesty Trust Value
ICT: Information and Communication Technology
IDP: Intrusion Detection and Prevention
LAN: Local Area Network
MANET: Mobile Ad hoc Network
MDR: Monitoring, Detection, and Prevention
MGCC: Microgrid Control Center
MMEMS: Multi Microgrid Energy Management System
MTU: Master Terminal Unit
NS-2: Network Simulator Version 2
PDR: Packet Delivery Ratio
PG&E: Pacific Gas and Electric
PLC: Programmable Logic Controllers
PV: Photovoltaic
QoS: Quality of Service
RREP: Route Reply
RREQ: Route Request
RTU: Remote Terminal Unit
RTV: Reputation Trust Value
SCADA: Supervisory Control and Data Acquisition System
SKA: Secure Knowledge algorithm with Anomaly detection
SSR: Signal Stability Routing
TORA: Temporally Ordered Routing Algorithm
TTSV: Total Trust State Value
VPN: Virtual Private Network
WAN: Wide Area Network
WRP: Wireless Routing Protocol
Appendix V
PC Technical Specifications
Table AV.1 shows the technical specifications of the PC used for the simulation of
network under various scenarios and cases discussed in Chapter 4 and Chapter 5. Simulations
were performed on NS-2.
Table AV.1: Technical specifications of PC.
Specifications       Details
PC Brand             Lenovo
Processor            Intel i7 – 4510U, 2-2.6 GHz
RAM                  8 GB
Screen Resolution    1920 * 1080
Operating System     Ubuntu 14.04 LTS (64-bit)
Disk Space           1 TB
Vita
Goutham Krishna Chalamasetty was born in Guntur, Andhra Pradesh, India. He received
his Bachelor of Technology in Electronics and Communication Engineering from Vignan
University, Guntur, India, in the year 2013. In August 2014, he joined the Department of
Electrical and Computer Engineering (ECE), UTEP to pursue Master of Science degree in
Electrical Engineering (M.S.E.E). In January 2015, he joined the PRES Lab within the ECE
department and started his research career as a Graduate Research Assistant (GRA) under the
direct supervision of PRES Lab’s director Dr. Paras Mandal who guided and mentored him
throughout his thesis period in the area of Cyber Security for Power Systems. Before starting this
research, he had very limited knowledge on Power System. However, during this thesis period,
he gained good research skills and knowledge on Cyber Security and Power System
Communication. Furthermore, he expanded his skills into publishing research papers in journals,
international conferences, and symposiums. A list of publications associated with his M.S.E.E thesis
is provided below.
Journal Paper
[1] G. K. Chalamasetty, P. Mandal, and B. Tseng, “SCADA framework incorporating
MANET and IDP for cyber security of residential microgrid communication network,”
Smart Grid and Renewable Energy, Vol. 7, No. 3, pp. 104-112, 2016.
Conference Paper
[2] G.K. Chalamasetty, P. Mandal, and B. Tseng, “Secure SCADA communication network
for detecting and preventing cyber-attacks on power systems,” in Proc. 2016 Clemson
University Power System Conference, PSC 2016, Co-sponsored by IEEE, Clemson
University, Clemson, SC, March 8-11, 2016.
Recipient of UTEP grad travel grant
Symposium Papers
[3] G.K. Chalamasetty, P. Mandal, and B. Tseng, “Cyber security model for power system
based on game theory”, in Proc. 5th Southwest Energy Science and Engineering
Symposium, El Paso, Texas, April 4, 2015.
[4] G.K. Chalamasetty, P. Mandal, and B. Tseng, “Comparison of two IDP technologies in
detecting and preventing cyber-attacks on microgrid communication networks,” in Proc.
The Southwest Emerging Technology Symposium, El Paso, Texas, April 9, 2016.
Mr. Chalamasetty has been a Student Member of IEEE since 2015. The research, which he led as
a GRA at the PRES Lab., motivated him towards the completion of his M.S.E.E. thesis. He
would like to express his utmost gratitude to UTEP for providing an admirable education,
knowledge, and research opportunity while pursuing his M.S.E.E. degree. Furthermore, he would
like to convey a sincere appreciation to his thesis advisor, Dr. Mandal, for mentoring him
towards the completion of this M.S.E.E. thesis entitled “Reliable and Secure SCADA Framework
for Residential Microgrid Communication”.
Contact Information: [email protected].
This thesis/dissertation was typed by Goutham Krishna Chalamasetty.