University of Nebraska - Lincoln DigitalCommons@University of Nebraska - Lincoln Theses, Dissertations, & Student Research in Electrical & Computer Engineering, Department of Computer Electronics & Engineering 5-2014 Security Analysis of Phasor Measurement Units in Smart Grid Communication Infrastructures University of Nebraska-Lincoln, [email protected] Follow this and additional works at: http://digitalcommons.unl.edu/ceendiss Part of the Digital Communications and Networking Commons, and the Electrical and Electronics Commons "Security Analysis of Phasor Measurement Units in Smart Grid Communication Infrastructures" (2014). Theses, Dissertations, & Student Research in Computer Electronics & Engineering. 29. http://digitalcommons.unl.edu/ceendiss/29 This Article is brought to you for free and open access by the Electrical & Computer Engineering, Department of at DigitalCommons@University of Nebraska - Lincoln. It has been accepted for inclusion in Theses, Dissertations, & Student Research in Computer Electronics & Engineering by an authorized administrator of DigitalCommons@University of Nebraska - Lincoln. SECURITY ANALYSIS OF PHASOR MEASUREMENT UNITS IN SMART GRID COMMUNICATION INFRASTRUCTURES by Mehrnaz Sharifian Esfahani A THESIS Presented to the Faculty of The Graduate College at the University of Nebraska In Partial Fulfillment of Requirements For the Degree of Master of Science Major: Telecommunications Engineering Under the Supervision of Professor Yi Qian Lincoln, Nebraska May, 2014 SECURITY ANALYSIS OF PHASOR MEASUREMENT UNITS IN SMART GRID COMMUNICATION INFRASTRUCTURES Mehrnaz Sharifian Esfahani, M.S. University of Nebraska, 2014 Adviser: Yi Qian Phasor Measurement Units (PMUs), or synchrophasors, are rapidly being deployed in the smart grid with the goal of measuring phasor quantities concurrently from wide area distribution substations. By utilizing GPS receivers, PMUs can take a wide area snapshot of power systems. Thus, the possibility of blackouts in the smart grid, the next generation power grid, will be reduced. As the main enabler of Wide Area Measurement Systems (WAMS), PMUs transmit measured values to Phasor Data Concentrators (PDCs) by the synchrophasor standard IEEE C37.118. IEC 61850 and IEC 62351 are the communication protocols for the substation automation system and the security standard for the communication protocol of IEC 61850, respectively. According to the aforementioned communication and security protocols, as well as the implementation constraints of different platforms, HMAC-SHA1 was suggested by the TC 57 WG group in October 2009. The hash-based Message Authentication Code (MAC) is an algorithm for verifying both message integrity and authentication by using an iterative hash function and a supplied secret key. There are a variety of security attacks on the PMU communications infrastructure. Timing Side Channel Attack (SCA) is one of these possible attacks. In this thesis, timing side channel vulnerability against execution time of the HMAC-SHA1 authentication algorithm is studied. Both linear and negative binomial regression are used to model some security features of the stored key, e.g., its length and Hamming weight. The goal is to reveal secret-related information based on leakage models. The results would mitigate the cryptanalysis process of an attacker. iv Acknowledgements I would like to express my sincere gratitude to the College of Engineering, Department of Computer and Electronics Engineering at the University of Nebraska-Lincoln for giving me the opportunity to write an honors Master’s thesis. To my committee, Dr. Yi Qian, Dr. Hamid Sharif-Kashani, and Dr. Yaoqing (Lamar) Yang, I deeply appreciate your suggestions and guidance throughout my project. Most of all, I am fully indebted to Dr. Yi Qian, my adviser, for his timely advice, enthusiasm, kind encouragement, and support throughout the completion of this project, despite his busy schedule. In addition, I thank Dr. Jong-Hoon Youn of the Computer Science Department at the University of Nebraska at Omaha, and Dr. Fang Yu of the Biostatistics Department at the University of Nebraska Medical Center for their assistance throughout my research. I will not forget their timely help and valued guidance. This thesis was supported by National Science Foundation grant CNS-1065069. v Table of Contents List of Figures ................................................................................................................................ 7 List of Tables ................................................................................................................................. 8 Acronyms ....................................................................................................................................... 9 Chapter 1. Introduction .............................................................................................................. 12 Chapter 2. Phasor Measurement Units (PMUs) and Synchrophasor Network Architecture in Smart Grid ............................................................................................................................... 15 2.1 Smart Grid versus Traditional Power Grid .................................................................... 16 2.2 Motivation for PMUs ....................................................................................................... 21 2.3 The Functional Diagram of PMU ................................................................................... 23 2.4 PMU Block Diagrams ...................................................................................................... 23 2.5 IEEE C37.118 Standard ................................................................................................... 25 2.6 PMU Deployment ............................................................................................................. 29 2.7 The Placement of PMUs in a Smart Grid ...................................................................... 29 2.8 Common PMUs in Industry............................................................................................. 31 2.9 Synchrophasor Network Architecture ........................................................................... 32 2.10 Smart Grid Communication Infrastructure ................................................................. 32 2.11 Synchrophasor Network ................................................................................................ 33 2.12 WAMS Architecture ...................................................................................................... 33 2.13 WAMS Communications Infrastructure ...................................................................... 36 2.14 Security Requirements in WAMS ................................................................................ 38 2.15 Phasornetwork Cyber Security Standards ................................................................... 39 2.16 IEC 61850 Communication Protocol Categories ....................................................... 39 2.16.1 SMV (Sampled Measured Values) ....................................................................... 41 2.16.2 GSE/GOOSE communication profiles ................................................................. 41 2.17 Introduction to IEC 62351 ............................................................................................. 41 2.17.1 Performance concerns in IEC 62351 Part 6 ......................................................... 42 2.18 WAMS Communication Network Modeling .............................................................. 44 Chapter 3. Overview of PMU Security .................................................................................... 46 Chapter 4. Side Channel Attack on PMUs in Smart Grid ...................................................... 59 vi 4.1 An Overview of the Security Requirement in PMUs .................................................. 59 4.2 Introduction to Side Channel Attacks ............................................................................ 59 4.2.1 History of Side Channel Attacks ............................................................................. 62 4.2.2 General Assumptions in Side Channel Attacks ..................................................... 62 4.3 Introducing Popular Types of SCAs .............................................................................. 63 4.3.1 Timing Attack ............................................................................................................ 63 4.3.2 Power Analysis Attack ............................................................................................. 64 4.3.3 Electromagnetic Analysis Attack (EMA) .............................................................. 65 4.4 Literature Review on Side Channel Attacks ................................................................. 66 4.4.1 EM and Power Analysis Attack .............................................................................. 66 4.4.2 Timing Attack ............................................................................................................ 67 4.5 Countermeasures of Side Channel Attacks ................................................................... 71 Chapter 5. Investigating the Timing Side Channel Attacks against PMU Authentication 73 5.1 Overview of HMAC–SHA1 Algorithm ......................................................................... 73 5.2 Previous Work on Timing Attacks against HMAC-SHA1