Conference PaperPDF Available

Accountability in smart grids

Authors:
Jing Liu at eBay, Inc.
Jing Liu
  • eBay, Inc.
Yang Xiao at University of Alabama
Yang Xiao
Jingcheng Gao at University of Alabama
Jingcheng Gao
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

A feasible architectural framework for the smart grid in home areas is provided based on the latest NIST (National Institute of Standards and Technology, U.S.) smart grid interoperability standards (release 1.0). In this paper, we propose an accountable communication protocol using this architecture with certain reasonable assumptions. Analysis results indicate that our design makes all power loads in home areas accountable.
Figures - uploaded by Jing Liu
Author content
All figure content in this area was uploaded by Jing Liu
Content may be subject to copyright.
Content uploaded by Jing Liu
Author content
All content in this area was uploaded by Jing Liu on Mar 22, 2014
Content may be subject to copyright.
Accountability in Smart Grids
Jing Liu,Yang Xiao, Jingcheng Gao
Department of Computer Science
The University of Alabama
Tuscaloosa, AL 35487-0290 USA
Abstract— A feasible architectural framework for the smart
grid in home areas is provided based on the latest NIST
(National Institute of Standards and Technology, U.S.) smart
grid interoperability standards (release 1.0). In this paper, we
propose an accountable communication protocol using this
architecture with certain reasonable assumptions. Analysis
results indicate that our design makes all power loads in home
areas accountable.
Keywords-smart grid; AMI; security; accountability
I. INTRODUCTION
*Smart grid is a promising power delivery infrastructure
integrated with bi-directional communication technologies
that collects and analyzes data captured in near-real-time,
including power consumption, distribution, and transmission
[1]. According to these data, it can provide predictive
information and relevant recommendations to all
stakeholders, including utilities, suppliers, and consumers,
regarding the optimizing of their power utilization [1]. By
two-way electrical flow, consumers are able to sell their
surfeit energy back to utilities [2]. In other words, smart grid
is a complex system of systems.
Nationwide deployment and popularization of the smart
grid require decades of work. Bringing new markets into the
grid is encouraged before it can be fully accomplished. It is
worth mentioning that the interests of all stakeholders
should be considered during development. As such,
homeowners must be taken into account. Since enabling
consumer participation is a major characteristic of the
modern grid, homeowners’ considerations are extremely
important. As we know, their primary concern regarding
power usage is the monthly bill sent by their service
providers (e.g., utilities). If possible, homeowners would
rather know the details of their power usage than simply a
bill with a total consumption. Albeit the real-time, or day-to-
day, cost of electricity could be determined by the smart
meter, we still doubt its reliability. The utility, or the smart
meter itself, may alter transmitted data to suit someone’s
interests or for some other reasons (e.g., because they are
under attack). As a consequence, a homeowner could have
two different electric bills: one from the utility and one from
the smart meter. Furthermore, in smart grids, prices change
with time such that traditional billing via the total amount of
energy consumed using an average price is no longer
feasible. Therefore, the exact times when power is used are
*The corresponding author is Prof. Yang Xiao. Email:
yangxiao@ieee.org
important and should be made accountable. To solve the
above problems and to make the smart grid in home areas
reliable are the two major motivations of this paper.
In this paper, after reviewing metering systems in smart
grids, we design an accountable communication protocol for
home use that uses a peer review strategy. Under certain
assumptions, the following three major contributions are
made in this paper:
1. A smart meter can prove the correctness of any smart
appliance in a home area.
2. A group of smart appliances can prove the correctness
of the smart meter.
3. A service provider can prove the correctness of the
smart meter.
The rest of this paper is organized as follows. Section II
discusses how an accountable system for a home area smart
grid can be designed and deployed. Section III analyzes and
proves the system accountability by accountability logic.
Finally, we conclude this paper in Section IV.
II. ACCOUNTABILITY IN HOME AREA
Although the framework and blueprints of the smart grid
have been discussed in recent years [3-15], a specific
standard for its implementation is still to be determined.
Two steps therefore need to be clarified before designing an
accountable system for the smart grid in a home area: the
first is to build a possible architectural framework for its
implementation, and the second is to identify potential
security problems.
A. Architecture
Figure 1. Smart grid in home area.
Based on the smart grid characteristics and system
framework, we propose a reasonable architecture for a home
area smart grid, as shown in Figure 1. Note that it works for
the Building Area Network (BAN) and Industrial Area
Network (IAN) as well.
The 8th Annual IEEE Consumer Communications and Networking Conference - Special Session on Smart Grids - Emerging
Services and Networks
978-1-4244-8790-5/11/$26.00 ©2011 IEEE 1166
As illustrated in Figure 1, a smart meter, M, acts as a
middleman between the service provider, S, and home
appliances (e.g., A,B, and C). It is a gateway that monitors
all incoming and outgoing electricity flow. Meanwhile, it
also records power consumption and generation in home
areas. We divide electrical appliances into two categories
based on their communication capability. One refers to
smart appliances and the other to regular appliances. In our
case, only smart appliances have the ability to exchange
information or message (e.g., market price, trading price,
and consumption logs) with others, including the smart
meter. They are also capable of recording those messages.
For those regular appliances that are not interactive, the
smart meter simply monitors their activities on
corresponding power supply ports. In a modern power grid,
most families would probably equip a power generation and
storage device, denoted as G. We assume that such
equipment is a type of smart appliance. Since regular
appliances have no communication capabilities, we simply
assume that all appliances in future home areas will be smart
appliances.
B. Problem Statement
In order to clearly state our problems, conducting an
intensive study of the metering system in the home area is
essential. Conventional metering systems charge electricity
consumption according to its reading at the end of each
month, as shown Figure 2. If the meter reading says that n
kWh have been used within a month, the bill (aka. service
amount) without tax will be the product of n and a unit
average price (denoted as m dollars/kWh). Basically, m is
predefined and published by the service provider. It does not
change very often. Therefore, it can be regarded as a
constant value.
$16.36
$17.69
$19.21
$21.00
$22.28
$24.27
$30.42
Dec-09 Jan-10 Feb-10 Mar-10 Apr-10 May-10 Jun-10
0
20
40
60
80
100
120
140
Service Amount & Usa
g
e
(kWh)
Usage (kWh)
Service Amount (Cost $)
Figure 2. Conventional service amount and usage chart.
Unlike the simple conventional approach, a modern
power grid will use smart meters to read electricity usage at
a predetermined requested interval (e.g., daily, hourly, or per
minute). Those reading data will be stored locally and
transmitted to the service provider as usual. At higher levels,
the smart meter will get a real-time unit price (aka. market
price) from the service provider or other market via a bi-
directional wired or wireless network. Together with the
powerful energy management of Advanced Metering
Infrastructure (AMI), households can not only make
economic choices based on dynamic prices, but they can
also shift, load, and store or sell surplus energy. Hence,
calculating the service amount in such a new power
infrastructure is difficult.
Basically, only two key factors affect the bill: 1) the real-
time power usage and 2) the market price. Both aspects can
be obtained by the smart meter in real-time. However, we
cannot simply do a multiplication to get the service amount
since the market price is not a constant value and may vary
from time to time. For example, the price could remain high
during peak hours or high demand periods due to electricity
shortage. When outside of peak periods, it is decreased
accordingly. The price also can be affected by local weather
conditions. Continuous cloudy or rainy days may reduce the
local production of solar energy and thereby the price could
go up. But if a strong hurricane follows, the price will
reasonably fall since it enhances wind power generation at
the same time. Hence, it is hard to predict the exact market
price at a particular time and a specific location. We instead
maintain a record of fore-passed market price. Current
solutions, reported by the U.S. DOE [2], take three typical
tariff forms: time of use (TOU), critical peak pricing (CPP),
and real-time pricing (RTP). TOU pricing is solely based on
a peak or off-peak period designation. Prices are set higher
during peak hours. Under CPP, prices during peak hours
(basically some short periods within a year) are set at a
much higher level compared than under normal conditions.
RTP pricing is much more flexible, in that hourly prices are
differentiated according to the day-of or day-ahead cost of
power to the service provider. Actually, pricing in the smart
grid is still an interesting and essential open issue that must
be addressed. The author in [18] argued that a price-
response demand mechanism should be introduced in the
smart grid. Since pricing is not our primary scope in this
paper, we simply assume that the real-time market price can
be obtained in a secure and feasible way (via service
provider or third party, e.g., markets). Under such conditions,
we reasonably suppose that, given any past time t, the
market price can be determined by a function M(t). As it is a
dynamic feature, M(t) should be a non-linear and random
curve regarding time t, as illustrated in Figure 3.
Trading
Power
Appliance B
Power Usage
Appliance A
Power Usage
Market
Price
tatbtctdte
from service provider from home generation
Time
M(t)
GB(t)
EB(t)
EA(t) GA(t)
Trading
Price
T(t)
S(t)
Figure 3. Aggregation information in the smart meter.
Another possible factor affecting the service amount is
the presence of a home generated power system (e.g., wind
or solar energy). Without consideration of its own
consumption, the generated energy can be divided into two
parts: one consumed by other electrical appliances at home
while the other is sold back to the service provider. Both of
them are monitored and recorded by the smart meter. But
only the trading portion impacts the service amount. Notice
that the trading price could be the market price or even be
set by the homeowner. Here we suppose that the trading
price is a non-linear function of t and denoted as T(t), as
shown in Figure 3.
1167
Figure 3 is an example of energy usage in a modern
power grid. We denote purchased energy (from a service
provider) as E(t), self-consumed energy (from home
generation) as G(t), and trading power as S(t). They are all
functions with respect to time t. If there is no power
consumption or sale event during a period, the relevant
functions will automatically be zero. Given any time period
from ta to tb (tb˚ta), the total service amount denoted as
Bill(ta,tb) should be:

³ b
a
t
t
ba dttStTtEtMttBill )()()()(),( (1)
In equation (1), E(t) can be obtained by attaining the sum
of every individual consumption (denoted as Ei(t) where i is
the name of electrical appliance). For each appliance i, the
service amount from ta to tb (tb˚ta), denoted as Billi(ta,tb),
can be determined by the following equation:
³ b
a
t
tibai dttEtMttBill )()(),( (2)
Equation (1) can thus be rewritten as:
³
¦
b
a
t
t
BAi
baiba dttStTttBillttBill )()(),(),(
,...,
(3)
From the above, it is not difficult to see that computing
service amounts in a smart grid is indeed a complicated
procedure. Many factors in the smart meter can affect the
final bill. Any alternation, forgery, delay, or removal of
those historical records may lead to a different price.
Although we could equip secure smart meters to enhance
reliability, homeowners or cyber attackers may still
manipulate the smart meter for their own interests. In
addition, when the service provider brings alternative bills to
a homeowner, who should we trust? Since most service
providers rely on meter readings, to ensure a secure and a
reliable smart meter is our primary task.
We consider an entity as correct only if it strictly follows
a given protocol. Otherwise, we regard it as faulty. Here we
use smart appliances as witnesses to prove that the smart
meter is correct. The witness idea was inspired by the
PeerReview system [19]. In this case, three new problems
should be addressed. First, a smart appliance itself may have
errors or be controlled by a malicious person. To make every
faulty smart appliance detectable is necessary (Challenge 1).
Second, since appliances have limited capabilities for
communication and storage, to design a feasible, observable
mechanism for witnesses is also required (Challenge 2).
Third, home generated power is managed by the smart meter
only. Other smart appliances do not know where the power
load comes from: it may be supplied by the free home
generation, or purchased from the service provider. Without
supervision, the smart meter may deny that during a certain
period an appliance was using power from the service
provider (Challenge 3). In the following sections, we will
describe our design of accountable AMI that addresses these
challenges.
C. Terms and Assumptions
Before specifying our communication protocol, several
terms and assumptions should be addressed as follows:
Terms
-{A,B, …}: a set of communication participants in
the smart grid, known as principals. Specifically, M
stands for the smart meter, G represents as the home
generation and storage device, and S refers to the
service provider.
-{m,m’,n}: a set of messages or message
components.
-{ti | i = a,b, …}: a set of time points.
-{Ki,Ki
-1}: a pair of public/private keys of principal i.
-{m}Ki:m encrypted with the public key of principal i.
-{m}Ki
-1:m encrypted or signed with the private key
of principal i.
Assumptions:
1. Every electrical appliance i in the home area is a
smart appliance with sufficient storage space and a
constant capacity factor Pi (kW).
2. The running state of every smart appliance (e.g., on
or off) is known by the others in real-time.
3. Functions of market price M(t) and trading price T(t)
are authenticated by the service provider. Every
smart appliance shares these functions at the same
time.
4. There is a function w that maps each appliance to its
set of witnesses. We suppose that, for any appliance
i in a home area, the set {i}Ĥw(i) contains at least
one correct smart appliance.
5. A message sent from one correct appliance to
another will eventually be received.
6. Each involved communication principal uses PKI
technology to identify itself; they can sign messages,
but a faulty principal cannot forge the signature of
correct one.
7. A home generation and storage device G must
record its own power load truthfully.
Assumption 2 depends on circuit/communication designs
which may be achieved by particular sensor units in the
smart grid. For simplicity, we suppose that Assumption 2
can be met. More specifically, we suppose that there is a
function Ri(t) that records the running state of appliance i.
When t is within the running period of i,Ri(t) is granted to 1;
otherwise, Ri(t) is set to 0.
D. Accountable Protocol
Since the power usage of appliance i can be determined
by its capacity factor Pi and running state Ri(t), the equation
(2) for its market service amount can be rewritten as:
³ b
a
t
tiibai dttRtMPttMPA )()(),( (4)
According to equation (4), if any principal j (j  i) holds
Pi,M(t), and Ri(t) at the same time, j is able to determine i’s
market service amount for any past period. Notice that j still
does not know the exact service amount of i, since j has no
knowledge of i’s power source. If i were using home
generated power all the time, i’s service amount would be
zero. For auditing, i’s market service amount can also be
specified by:

³ b
a
t
tiibai dttGtEtMttMPS )()()(),( (5)
Next, we borrow some ideas from the PeerReview
system [19]. Given any period from ta to tb,MPAi(ta,tb)
should equal MPSi(ta,tb). Based on this fact, we can design a
deterministic mechanism to detect faulty principals in a
home area. Under our proposed architecture, each appliance
i has two modules for accountability: a log module Li and a
detector module Di.Li generates a complete evidence log of
i’s power usage. Di checks other logs to tell whether faults
are, or are not, present. Informally, faulty(j) is issued when i
can prove that j is abnormal; suspected(j) is raised when i
has not received an expected message from j on time;
1168
correct(j) is released otherwise. Our design therefore
follows the following protocols:
xWhen a new appliance i is plugged in, i will sign Pi
with its unique signature Ki
-1 and broadcast {Pi}Ki
-1
among all principals in the home area.
xThe smart meter will notify each appliance as to
whether or not it currently uses home generated power.
xEvery appliance has one copy of its own log, which is
ensured by the tamper-evident log mechanism [19];
other logs will be retrieved when required. Appliances
exchange just enough messages to prove themselves.
xEach appliance is mapped to several other appliances.
They act as witnesses that collect its log, check its
correctness, and report the results to the rest of the
system.
xA commitment protocol [19] is adopted to ensure that
witnesses will retrieve exactly the same log as the
target appliance owns. It also guarantees that no one
can deny a received message.
xThis protocol uses a challenge/response protocol [19]
to address the problem that some appliances do not
respond or fail to acknowledge that messages were
successfully sent.
Next, we will demonstrate how it works in detail.
Initially, every new appliance i will be assigned a set of
witnesses wi by the smart meter. Then, i will sign Pi with its
unique signature Ki
-1 and send {Pi}Ki
-1 to the smart meter
and each member of wi. When i is running, Li generates a
tamper-evident log to record its power usage. Since the
smart meter will notify i regarding its power source, the log
will record both Ei(t) and Gi(t). In order to check whether i is
correct or not, each witness of wi will periodically request its
most recent log segment. Suppose that the last audit time is
ta and the current time is tb. In this case, i first requests and
records the latest M(t) and T(t) from the smart meter. Then it
sends back all the log entries since time ta, together with the
corresponding market service amount determined by
equation (5). Specifically, the response message mi should
be {ta,tb,Ei(t),Gi(t),MPSi(ta,tb)}Ki
-1. When a witness j
(jwi) receives mi,Dj will recalculate i’s market service
amount MPAi(ta,tb) by equation (4) according to its own
records of Pi,M(t), and Ri(t) (refer to assumptions 1, 2, and
3). If MPAi(ta,tb) is a verified MPSi(ta,tb) (using Ki to verify
mi), Dj will issue correct(i); otherwise, faulty(i) is issued
(Challenge 2 is addressed). Since we use a
challenge/response protocol here, every appliance i must
respond to the requests from its witnesses, or else
suspected(i) will be indicated. We also adopt the
commitment protocol here, so that all signed messages are
evidence against faulty appliances. Because there is always a
correct witness j within wi (Assumption 4) and all delivered
messages will be received (Assumption 5), a faulty
appliance i will eventually be exposed by Dj with its
indicators: suspected(i) or faulty(i) (Challenge 1 is
addressed).
To deal with Challenge 3, we consider all appliances in
the home area as witnesses of the smart meter. When
suspicious are raised against the smart meter, the third party
(e.g., the service provider) will retrieve all evident logs
regarding Gi(t) from each home appliance i, together with
the self-consumed energy record G(t) from the home
generation and storage device G. Since every principal uses
tamper-evident logs to record its behavior, any mismatch
between Gi(t) and G(t) will prove that the smart meter is not
correct according to Assumptions 4 and 7.
The protocol described so far has addressed the three
aforementioned challenges. Convinced evidences are able to
eliminate the questionable charges on the final bill. As the
message latency, throughput, and traffic overhead, the paper
[19] has shown that this peer review mechanism is scalable
in distributed system based on experiments and
mathematical analysis.
III. PROTOCOAL ANALYSIS
In this section, we will analyze the accountability of our
protocol by using the same analysis method as in [17]. First,
it defines accountability goals. Then it will interpret every
message into a logical description. After that, the initial
assumptions will be restated in a logical way. Based on the
logic described in [17], we can eventually prove that our
protocol can achieve all accountability goals by using the
message interpretation and the initial assumptions.
A. Temporal Accountability Goals
We present accountability goals for our proposed
protocol based on the definitions and three challenges stated
in Section II. Suppose that X is any appliance in the home
area and that Y is X’s witness. The goals can therefore be
described as follows:
G1:M CanProve (X is faulty or correct)
G2:X CanProve (M is faulty or correct)
G3:Y CanProve (X is faulty or correct)
G4:S CanProve (M is faulty or correct)
B. Message Interpretation
Since an unsigned message has no effect on the
achievement of goals in accountability logic, we only
consider signed ones. The message flows can therefore be
interpreted as follows:
1) M Receives ({PX} SignedWith KX
-1)
2) Y Receives ({PX} SignedWith KX
-1)
3) X Receives ({ta,tb,EX(t),GX(t),
{M(t),T(t)} SignedWith KS
-1} SignedWith KM
-1)
4) Y Receives ({ta,tb,
{M(t),T(t)} SignedWith KS
-1} SignedWith KM
-1)
5) Y Receives ({ta,tb,EX(t),GX(t),MPSX(ta,tb)}
SignedWith KX
-1)
6) S Receives ({{Gi(t)} SignedWith Ki
-1|iall
appliances},
{G(t)} SignedWith KG
-1,)
C. Initial Assumptions
The initial state assumptions required in the analysis are:
A1:Y Receives ({PX} SignedWith KX
-1) =>
(Y CanProve (PX isTrusted))
A2:X Receives ({EX(t),GX(t)} SignedWith KM
-1) =>
(X CanProve ({EX(t),GX(t)} isTrusted))
A3:X Receives ({M(t),T(t)} SignedWith KS
-1) =>
X CanProve (M(t) isTrusted) and (T(t) isTrusted)
A4:Y CanProve (Ri(t) isTrusted)
A5:S CanProve (G(t) isTrusted)
D. Protocol Analysis
xMessage 1:
When M receives message 1, M knows it was sent by X
based on its unique signature. Since M can monitor X’s
power usage, PX can be verified by M. If PX is not true, M
can claim X is faulty. Otherwise, M can prove the following
statement by applying the accountability postulate [16, 17].
1169
M CanProve (X says PX) and (PX isTrusted)
When a suspicion is issued against PX, this statement can
be used as evidence to prove (PX isTrusted). This is the
accountability goal G1.
xMessage 2:
Y receives message 2 at the same time as M.Y can prove
the following statement by applying the accountability
postulate and A1.
Y CanProve (X says PX) and (PX isTrusted)
When a suspicion is issued against PX, this statement can
be used as evidence to prove (PX isTrusted). This is the
accountability goal G3.
xMessage 3:
Message 3 is required when Assumption 3 is made. X
will periodically request message 3 from M. Since X knows
its total power consumption costab during the period from ta
to tb, X can verify EX(t) and GX(t) by comparing their
summation with costab.Faulty(M) will be issued if the result
is not equal. This is the accountability goal G2. Then X can
prove the following statement by applying the accountability
postulate, A2, and A3.
X CanProve ({EX(t),GX(t),M(t),T(t)} isTrusted)
When a suspicion is issued against EX(t), GX(t),M(t), and
T(t), this statement can be used as evidence to prove ({EX(t),
GX(t),M(t),T(t)} isTrusted).
xMessage 4:
Message 4 is similar to message 3. By recording
message 4, Y can prove the following statement by applying
the accountability postulate and A3.
Y CanProve (M(t) isTrusted) and (T(t) isTrusted)
When a suspicion is issued against M(t) and T(t), this
statement can be used as evidence to prove that they are both
trusted. This is also the accountability goal G2.
xMessage 5:
Message 5 is a key to achieving accountability goal G3.
When Y receives message 5, DY will process the auditing of
this message. Together with the statements from messages 2
and 4, Y can eventually prove the following statement by
applying the accountability postulate and A4.
Y CanProve (X is faulty or correct)
By combining all such statements from every appliance,
the accountability goal G2 will also be achieved.
xMessage 6:
Through checking the difference between G(t) and the
summation of Gi(t) for each appliance i,S can easily verify
whether or not they are equal. If the answer is no, S will
issue faulty(M) based on A5. Therefore, S can prove the
following statement by using the message 6:
S CanProve (M is faulty or correct)
This is the accountability goal G4.
IV. CONCLUSION
A feasible architectural framework for the smart grid in
home areas has been presented based on the latest NIST
smart grid interoperability standards (release 1.0). This
paper has designed an accountable communication protocol
using the proposed architecture with certain reasonable
assumptions. Analysis results indicate that such a design
makes all power loads in home areas accountable.
ACKNOWLEDGEMENT
This work was partially supported by the US National
Science Foundation (NSF) under grant numbers: CNS-
0737325,CNS-0716211, and CCF-0829827.
REFERENCES
[1] Cisco Systems, Inc., “Internet protocol architecture for the smart
grid,” White Paper, July 2009, available at:
http://www.cisco.com/web/
strategy/docs/energy/CISCO_IP_INTEROP_STDS_PPR_TO_NIST_
WP.pdf.
[2] U.S. DOE, “Smart grid system report,” White Paper, July 2009,
available at:
http://www.oe.energy.gov/SGSRMain_090707_lowres.pdf.
[3] U.S. NETL, “Advanced metering infrastructure,” White Paper, Feb.
2008, available at: http://www.smartgrid.gov/white_papers.
[4] U.S. NIST, “NIST framework and roadmap for smart grid
interoperability standards, release 1.0,” NIST Special Publication
1108, Jan. 2010, available at:
http://www.smartgrid.gov/standards/roadmap.
[5] West Virginia Division of Energy, “West virginia smart grid
implementation plan,” U.S. DOE/NETL Report, Aug. 2009,
available at: http://www.smartgrid.gov/reports.
[6] U.S. NETL, “A systems view of the modern grid,” White Paper, Jan.
2007, available at: http://www.smartgrid.gov/white_papers.
[7] A. Clark and C. J. Pavlovski, “Wireless networks for the smart
energy grid: application aware networks,” in: Proc. IMECS 2010.
[8] J. Gadze, “Control-aware wireless sensor network platform for the
smart electric grid,” IJCSNS International Journal of Computer
Science and Network Security, vol. 9, no. 1, Jan. 2009, pp. 16-26.
[9] D. Dvian and H. Johal, “A smart grid for improving system
reliability and asset utilization,” CES/IEEE 5th International Power
Electronics and Motion Control Conference, Shanghai, China,
August 2006, pp. 1-7.
[10] G. N. Srinivasa Prasanna, A. Lakshmi, S. Sumanth, V. Simha, J.
Bapat, and G. Koomullil, “Data communication over the smart grid,”
in: Proc. ISPLC 2009, Dresden, 2009, pp. 273-279.
[11] H. A. Khan, Z. Xu, H. Iu, and V. Sreeram, “Review of technologies
and implementation strategies in the area of smart grid,” in: The 10th
Postgraduate Electrical Engineering and Computing Symposium,
IEEE WA Section, Perth, Australia, Oct. 2009.
[12] A. Cavoukian, J. Polonetsky, and C. Wolf, “SmartPrivacy for the
smart grid: embedding privacy into the design of electricity
conservation,” Identity in the Information Society, Springer
Netherlands, ISSN: 1876-0678, Apr. 2010.
[13] S. Spoonamore and R. L. Krutz, “Smart grid and cyber challenges
national security risks and concerns,” March 2009, avaliable online:
http://www.whitehouse.gov/files/documents/cyber/Spoonamore-
Krutz - Smart Grid CyberSecurity Risks and Concerns.pdf.
[14] P. McDaniel and S. McLaughlin, “Security and privacy challenges in
the smart grid,” IEEE Security and Privacy, vol. 7, no. 3, May/June
2009, pp. 75-77.
[15] W. F. Boyer and S. A. McBride, “Study of security attributes of
smart grid systems – current cyber security issues,” DOE Scientific
and Technical Information Report, Apr. 2009, available at:
http://www.inl.gov/technicalpublications/Documents/4235623.pdf.
[16] R. Kailar, “Accountability in electronic commerce protocols,” IEEE
Transactions on Software Engineering, vol. 22, no. 5, May 1996, pp.
313-328.
[17] M. Kudo, “Electronic submission protocol based on temporal
accountability,” in Proceedings of the 14th Annual Computer
Security Applications Conference, 1998, pp. 353-363.
[18] H. Chao, “Price-responsive demand management for a smart grid
world,” The Electricity Journal, vol. 23, issue 1, 2010, pp. 7-20.
[19] A. Haeberlen, P. Kouznetsov, and P. Druschel, “PeerReview:
practical accountability for distributed systems,” ACM SIGOPS
Operating Systems Review, vol. 41, issue 6, 2007, pp. 175-188.
1170
... Furthermore, they can shift their consumption to hours with lower prices and demand, and in case of decentralized production they can store or even sell their energy surplus. For example, prices will remain high during peak or high demand hours and outside peak hours prices will be decreased accordingly [25]. Furthermore, in the case of distributed power generation with renewables such as solar panels or wind turbines weather conditions might affect electricity production and the prices. ...
... The first technique refers to the use of certain constant prices no matter the conditions of the network. The second one refers only to price differentiation for peak and off-peak hours and the last one provides a continuous application of a flexible real-time pricing mechanism relying on the smart grid implementation [25]. In [26] the introduction of the pricing mechanism into the smart grid and how it will be measured is described. ...
View
... A disproportionate behaviour of households/end-users/micro-levels is one of the main sources of energy losses. Several empirical and theoretical studies previously targeted the DSM of electricity, always to understand how energy losses in the electrical smart grid system may be reduced, and performance improved [12,13]. ...
Resolving Energy Losses Caused by End-Users in Electrical Grid Systems
Article
Full-text available
  • Mar 2021
This study utilises the Pareto approach to highlight the energy losses that mainly originate from the phenomena of tiny, initiated events created by end-users of electricity in Australia. Simulation modelling was applied through two stages to examine residential households’ electricity consumption behaviour in New South Wales, Australia. Stage one analysis applied Hierarchical agglomerative clustering and a dendrogram to denote the respective Euclidean distance between the different clusters. Heat maps and threshold value area charts were used to compare the mean power demand for six respective clusters. Stage two used ‘sensitivity analysis’ to investigate how uncertainty in the electricity demand can be allocated to the uncertainty of energy losses. The findings envision practical solutions to dealing with the variability of energy losses and the proposal to set new demand-side strategies associated with individuals. Retail prices of electricity in Australia have risen by roughly 60% since 2007. The research contributes to knowledge about the roots of energy losses in Australia, creating a $210M cost value. Energy losses are of significant economic value, while also impacting energy security. The first limitation of this study is using approaches from complexity theory to grasp the philosophical issues behind the research design and clarifying which insights suit what kind of evidence, thus identifying the data that needed to be collected. The second limitation is that this study’s methodology used a mostly quantitative approach that describes and explains a complex phenomenon in depth more than exploring and confirming that phenomenon. The third and final limitation is that this study’s context is also limited regarding selected sample criteria. The context is limited to a particular demographic area in New South Wales (NSW) in Australia and is also limited to residential houses (not industrial or commercial), which was opposed by data availability and access. The research draws on ‘peak and off-peak’ scales of electricity demand cause energy losses. The research shows the role of the phenomena of spontaneous emergence as a non-linked constraint which is the main issue that splits the optimal solution into pieces and significantly complicates the solution task. Demand side management (DSM) of electricity can be improved from this to construct new demand-side strategies. The study is structured around understanding the consequences of the scalability of events and the clustering dynamic of non-linearity through relevance complexity concepts exclusive to spontaneous emergence (SE), power laws (PLs), Paretian approach (PA), and tiny initiated events (TIEs). We examined the issues of the spontaneous emergence of non-linear, dynamic behaviour involved in the electricity demand of end-users on the basis of pushing individual systems of end-users to the edge of self-organised criticality (SOC). Revising the demand system’s complexity has value in constituting a core domain of interest in what is new in the field of demand side management (DSM), thus contributing to understanding end-users’ behaviour-driven energy losses from both theoretical and empirical perspectives.
View
... However, this information may be inconsistent with the bills provided by small companies due to attacks. This can reduce the accountability of the SG to households [69]. ...
Smart Grid Security and Privacy: From Conventional to Machine Learning Issues (Threats and Countermeasures)
Article
Full-text available
  • Apr 2022
Smart Grid (SG) is the revolutionised power network characterised by a bidirectional flow of energy and information between customers and suppliers. The integration of power networks with information and communication technologies enables pervasive control, automation and connectivity from the energy generation power plants to the consumption level. However, the development of wireless communications, the increased level of autonomy, and the growing sofwarisation and virtualisation trends have expanded the attack susceptibility and threat surface of SGs. Besides, with the real-time information flow, and online energy consumption controlling systems, customers' privacy and preserving their confidential data in SG is critical to be addressed. In order to prevent potential attacks and vulnerabilities in evolving power networks, the need for additional studying security and privacy mechanisms is reinforced. In addition, recently, there has been an ever-increasing use of machine intelligence and Machine Learning (ML) algorithms in different components of SG. ML models are currently the mainstream for attack detection and threat analysis. However, despite these algorithms' high accuracy and reliability, ML systems are also vulnerable to a group of malicious activities called adversarial ML (AML) attacks. Throughout this paper, we survey and discuss new findings and developments in existing security issues and privacy breaches associated with the SG and the introduction of novel threats embedded within power systems due to the development of ML-based applications. Our survey builds multiple taxonomies and tables to express the relationships of various variables in the field. Our final section identifies the implications of emerging technologies, future communication systems, and advanced industries on the security and privacy issues of SG.
View
... The drawback is the system adds a O(N 2 ), where N is the number of nodes in the system, to the computational overhead of the network, which may violate the QoS requirements of IEC61850. Attempts have been made to add the promise of accountability to advance metering infrastructure within SG's [104], but there doesn't appear to be any attempts to adapt this system for the rest of SG communications infrastructure. The other option is building redundant nodes that act as duplicates of nodes in the network topology [196]. ...
On the Use of Queuing Networks to Test the Robustness of Security Protocols: An Analysis of the Security Vulnerabilities of IEC61850 & IEC62351
Thesis
  • Feb 2020
This work presents a probabilistic symbolic formal method, based on queuing networks, for checking the robustness of security protocols. The method has been developed to verify the security promises of availability and synchronisation of state between devices, instead of those that are traditional analysed such as confidentiality/secrecy, integrity, authentication, (CIA) and non-repudiation. This research uses a network of M/M/c/K queues to model packets travelling through the state machine of a device, or between networked devices. This method- ology allows for the modelling of distributed systems, which are been computationally hard for other methods in this domain. The method relaxes the level of proof required for a symbolic formal method to calculating the likelihood that a promise is violated. The reduction in proof and complexity translates to modelling either the most likely state of the system. However, unlike other formal methods, the granularity of queuing network doesn’t encapsulate message content. This method builds upon on the work of Osorio & Bierlaire[144] by presenting an implementa- tion with additional state space configurations and probability distributions, along with proofs of completeness and correctness for the implementation. The additional state space configu- rations provide a view of the total number of packets in each queue; the ordering of different types of packets in a queue; and the number of packets in each stage of the queue. The second part of this thesis present a series of security vulnerabilities discovered within the IEC61850 substation automation standard (SAS), and its supplementary security standard IEC62351, using the queuing network methodology. These smart grid (SG) standards were cho- sen as a testbed for finding robustness attacks within a protocol because their primary concern is with the safe and efficient operation of the SG, which means that the focus is on quality of service (QoS) promises, that enforce hard real time limits on the data communication across the network, over security. However, some of the decisions made to ensure the QoS are met such as the omission of acknowledgement messages and requests for retransmission, may also undermine the robustness promises. The SG sector has historically been dependent on the relative obscurity of the standards to limit the attack surface of these communication networks, but the introduction of TCP/IP technologies and the increase in complexity of the standards, to allow for two-way communication between devices, has greatly undermined this approach. This increase in attack surface has been demonstrated in recent years with the stuxnet[87] and crash overide[172, 82] attacks. Using the queuing network method against these standards allowed the author to develop domain specific attacks, instead of searching for attacks usually deployed against traditional internet technologies. The philosophical approach used in this research was to develop models of how the devices reach undesirable states, before describing what level of access and abilities the adversary required to implement the attack. This approach is agnostic to the adversary’s methods of entry and techniques used execute the abilities. During the course of this research project the queuing network was used to show that a re- stricted adversary can cause a desynchronisation of state between devices during the issuance of IEC61850 control commands and the desynchronisation of a device from a timing source with the correct accuracy. The method was also used to show probability of success of a maliciously injected Generic Object Oriented Substation Events (GOOSE) message to cause a denial of service attack. A context-free grammar was used to demonstrate how a race condition in the IEC61850’s association model can be used in a credential intercept attack. These attacks were published across five papers ([207] to [211]).
View
... A disproportionate behaviour of households/end-users/micro-levels is one of the main sources of energy losses. Several empirical and theoretical studies previously targeted the DSM of electricity, always to understand how energy losses in the electrical smart grid system may be reduced, and performance improved [12,13]. ...
Resolving Energy Losses Caused by End-Users in Electrical Grid Systems
Article
Full-text available
  • Mar 2021
This study utilises the Pareto approach to highlight the energy losses that mainly originate from the phenomena of tiny, initiated events created by end-users of electricity in Australia. Simulation modelling was applied through two stages to examine residential households’ electricity consumption behaviour in New South Wales, Australia. Stage one analysis applied Hierarchical agglomerative clustering and a dendrogram to denote the respective Euclidean distance between the different clusters. Heat maps and threshold value area charts were used to compare the mean power demand for six respective clusters. Stage two used ‘sensitivity analysis’ to investigate how uncertainty in the electricity demand can be allocated to the uncertainty of energy losses. The findings envision practical solutions to dealing with the variability of energy losses and the proposal to set new demand-side strategies associated with individuals. Retail prices of electricity in Australia have risen by roughly 60% since 2007. The research contributes to knowledge about the roots of energy losses in Australia, creating a $210M cost value. Energy losses are of significant economic value, while also impacting energy security. The first limitation of this study is using approaches from complexity theory to grasp the philosophical issues behind the research design and clarifying which insights suit what kind of evidence, thus identifying the data that needed to be collected. The second limitation is that this study’s methodology used a mostly quantitative approach that describes and explains a complex phenomenon in depth more than exploring and confirming that phenomenon. The third and final limitation is that this study’s context is also limited regarding selected sample criteria. The context is limited to a particular demographic area in New South Wales (NSW) in Australia and is also limited to residential houses (not industrial or commercial), which was opposed by data availability and access. The research draws on ‘peak and off-peak’ scales of electricity demand cause energy losses. The research shows the role of the phenomena of spontaneous emergence as a non-linked constraint which is the main issue that splits the optimal solution into pieces and significantly complicates the solution task. Demand side management (DSM) of electricity can be improved from this to construct new demand-side strategies. The study is structured around understanding the consequences of the scalability of events and the clustering dynamic of non-linearity through relevance complexity concepts exclusive to spontaneous emergence (SE), power laws (PLs), Paretian approach (PA), and tiny initiated events (TIEs). We examined the issues of the spontaneous emergence of non-linear, dynamic behaviour involved in the electricity demand of end-users on the basis of pushing individual systems of end-users to the edge of self-organised criticality (SOC). Revising the demand system’s complexity has value in constituting a core domain of interest in what is new in the field of demand side management (DSM), thus contributing to understanding end-users’ behaviour-driven energy losses from both theoretical and empirical perspectives.
View
... As a consequence, homeowners could have two different electric bills: one from the utility and one from the smart meter. We have proposed an approach to address this issue in [49]. With accountability, the false party can be detected by provable evidences. ...
View
Smart Grid Architecture Overview
Chapter
  • Jul 2021
This chapter discusses the principles of current electrical power systems. The two main characteristics of conventional electrical power systems are: centralized energy generation and unidirectional power delivery systems. The traditional power grid is a centralized control and management system that uses a supervisory control and data acquisition. The chapter investigates the implications of the transformation trend toward smart grid (SG) architecture. The SG architecture consists of three main systems: power, communication, and information. The design and analysis of future SGs require fundamental insight into the impact of power network topology and integrated network control with Big Data utilization. The SG control architecture should therefore be dynamic and multilayer to handle real‐time operation and provide tradeoff between performance and implementation. The transfer of the traditional grid to a SG requires modifications and upgrades at various levels of the electric grid. Decentralization enables active elements of the system but requires a high level of coordination.
View
An Accountable Neighborhood Area Network in Smart Grids
Article
  • Jan 2012
Since customer's monthly electricity bill is charged solely based on the measurement of a power meter, once the meter is compromised or malfunction, the correctness of the bill cannot be guaranteed. To eliminate this problem, we propose an accountable scheme for the smart gird in a neighborhood area network (NAN).
View
Home area network accountability with varying consumption devices in smart grid
Article
  • Dec 2015
Among the principals for securing smart grid infrastructure, accountability is one with lesser addressed concepts in smart grid literature. Even further, studies in the home area network are lacking in enforcement of accountable mechanisms as assigning responsibilities for devices' actions are generally made the responsibility of the utility. This paper addresses accountability of devices in the home area network by providing a witness-based method for more accurate monitoring and estimation of the energy usage for devices whose power consumption varies while these devices are powered on. Algorithm analysis and simulation results show that the method is effective, and the method is well within the acceptable rate of error based on today's standards of estimation without need of previous knowledge of device profiles.
View
Achieving Accountability in Smart Grid
Article
  • Jun 2014
Smart grid is a promising power infrastructure that is integrated with communication and information technologies. Nevertheless, privacy and security concerns arise simultaneously. Failure to address these issues will hinder the modernization of the existing power system. After critically reviewing the current status of smart grid deployment and its key cyber security concerns, the authors argue that accountability mechanisms should be involved in smart grid designs. We design two separate accountable communication protocols using the proposed architecture with certain reasonable assumptions under both home area network and neighborhood area network. Analysis and simulation results indicate that the design works well, and it may cause all power loads to become accountable.
View
Study of Security Attributes of Smart Grid Systems Current Cyber Security Issues
Article
Full-text available
This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nations current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.
View
Control-Aware Wireless Sensor Network Platform for the Smart Electric Grid
Article
Full-text available
  • Jan 2009
The communications needs of monitoring and control of the electric grid is traditionally catered for by wired communication systems. These technologies ensured high reliability and bandwidth but are however very expensive, inflexible and do not support mobility and pervasive monitoring. The communication protocols are Ethernet-based that used contention access protocols which result in high unsuccessful transmission and delay. The use of embedded wireless sensor and actuator networks for monitoring and control of the electric grid requires secure, reliable and timely exchange of information among controllers, distributed sensors and actuators. The exchange of information is over a shared wireless medium. However, wireless media is highly unpredictable due to path loss, shadow fading and ambient noise. Monitoring and control applications have stringent requirements on reliability, delay and security. The primary issue addressed in this paper is the impact of harsh power system environment on reliable and timely information exchange in wireless sensor and actuator networks. A combined networking and information theoretic approach was adopted to determine the transmit power required to maintain a minimum wireless channel capacity for reliable data transmission. We also develop a channel-aware optimal slot allocation scheme that ensures efficient utilization of the wireless link and guarantee delay. Various analytical evaluations and simulations are used to evaluate and validate the feasibility of the methodologies and demonstrate that the protocols achieved reliable and real-time data delivery in wireless industrial sensor networks.
View
SmartPrivacy for the Smart Grid: embedding privacy into the design of electricity conservation
Article
Full-text available
  • Aug 2010
The 2003 blackout in the northern and eastern U.S. and Canada which caused a $6 billion loss in economic revenue is one of many indicators that the current electrical grid is outdated. Not only must the grid become more reliable, it must also become more efficient, reduce its impact on the environment, incorporate alternative energy sources, allow for more consumer choices, and ensure cyber security. In effect, it must become “smart.” Significant investments in the billions of dollars are being made to lay the infrastructure of the future Smart Grid. However, the authors argue that we must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform. Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy. Smart meters and smart appliances will constitute a data explosion of intimate details of daily life, and it is not yet clear who will have access to this information beyond a person’s utility provider. The authors of this paper urge the adoption of Dr. Ann Cavoukian’s conceptual model ‘SmartPrivacy’ to prevent potential invasions of privacy while ensuring full functionality of the Smart Grid. SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces, education and awareness; audit and control; data security; and fair information practices. Each of these elements is important, but the concept of Privacy by Design represents its sine qua non. When applying SmartPrivacy to the Smart Grid, not only will the grid be able to, for example, become increasingly resistant to attack and natural disasters—it will be able to do so while also becoming increasingly resistant to data leakage and breaches of personal information. The authors conclude that SmartPrivacy must be built into the Smart Grid during its current nascent stage, allowing for both consumer control of electricity consumption and consumer control of their personal information, which must go hand in hand. Doing so will ensure that consumer confidence and trust is gained, and that their participation in the Smart Grid contributes to the vision of creating a more efficient and environmentally friendly electrical grid, as well as one that is protective of privacy. This will result in a positive-sum outcome, where both environmental efficiency and privacy can coexist. KeywordsSmart Grid-SmartPrivacy-Electrical grid-Power utilities
View
Review of technologies and implementation strategies in the area of Smart Grid
Conference Paper
Full-text available
  • Oct 2009
Currently there is a global concern about the economic downturn and a greener Earth which is related to a better and efficient method to generate and transmit electric power. With the advent of the plug-in electric vehicles and renewable energy generators, a smarter, more efficient and customer-friendly power grid is essential. Progress is underway for the development of technologies which can improve the quality, efficiency & reliability of the existing transmitted electric power. Governments and sponsors around the world are investing in R&D strategies to construct a smart electric power infrastructure which supports the decentralized approach of power generation, employs two - way intelligent communications for real time monitoring, utilizes demand & fault management and latest security protocols to contribute towards a rigid and attack free electric power network. This paper gives suggestions to emerging novel solutions by utilizing the current advancements and technologies in the area of smart electric power system. It also depicts how smart grid addresses the current issues in the power industry.
View
PeerReview: Practical accountability for distributed systems
Conference Paper
Full-text available
  • Jan 2007
We describe PeerReview, a system that provides accountability in distributed systems. PeerReview ensures that Byzantine faults whose effects are observed by a correct node are eventually detected and irrefutably linked to a faulty node. At the same time, PeerReview ensures that a correct node can always defend itself against false accusations. These guarantees are particularly important for systems that span multiple administrative domains, which may not trust each other.PeerReview works by maintaining a secure record of the messages sent and received by each node. The record isused to automatically detect when a node's behavior deviates from that of a given reference implementation, thus exposing faulty nodes. PeerReview is widely applicable: it only requires that a correct node's actions are deterministic, that nodes can sign messages, and that each node is periodically checked by a correct node. We demonstrate that PeerReview is practical by applying it to three different types of distributed systems: a network filesystem, a peer-to-peer system, and an overlay multicast system.
View
View
Data communication over the smart grid
Conference Paper
  • May 2009
The emerging smart grid system requires high speed sensing of data from all the sensors on the system within a few power-cycles. The Advanced Metering Infrastructure is a simple example of such a system where all the meters on a certain grid must be able to provide the necessary information to the master head end within a very short duration (fraction of a second for real time load control). Wireless solutions for the smart grid systems have been implemented, but cannot access all grid locations, especially enclosed ones. In this paper, we present an interactive, OFDMA based communication system optimized for operation over the low voltage power lines in the CENELEC bands A and B. A channel model representing statistical time-varying, and frequency selective powergrid channels and noise is presented. Using this model, an OFDMA based transceiver is developed that is capable of providing smart grid like access capacity to the head end connected to multiple meters. The transceiver is optimized based on the channel model and the characteristics derived from the structure of the grid.
View
A Smarter Grid for Improving System Reliability and Asset Utilization
Conference Paper
  • Sep 2006
The power grid is aging and under stress. Unlike other modern networked systems, the grid lacks intelligence and automation. This paper has presented a new look at the way a Smart Grid can be implemented. The conventional approach has been to first obtain real time information on critical parameters, and then by controlling VAR resources, tap changers, and FACTS devices to achieve the desired control. A simpler approach is presented here based on using highly interconnected meshed networks. Such networks have been used in high density urban areas for many years for the high reliability achievable, but suffer from poor line utilization and lack of flexibility under contingency or load growth conditions. The use of a large number of current limiting conductor or CLiC modules provides a simple and cost-effective approach for realizing a controllable meshed network, maximizing network capacity under diverse contingencies and load growth scenarios. Using a low-tech approach, it is seen that basic network performance and reliability are dramatically increased. It is also seen that the distributed nature and inherent redundancy in the deployment of large numbers of CLiC modules, results in high system reliability
View
Security and Privacy Challenges in the Smart Grid
Article
  • May 2009
The electrical grid is undergoing one of the largest transitions in its long historythe move to smart grid technology. This new grid lets customers and providers more efficiently manage and generate power. As with many new technologies, the smart grid also introduces new security concerns. This article considers the state of global smart grid deployments and the operational, ecological, and financial motivations behind them as well as potential sources and costs of security failures. Future initiatives might address the security challenges future deployments are almost certain to face.
View
Price-Responsive Demand Management for a Smart Grid World
Article
  • Feb 2010
Hung-po Chao is Director, Market Strategy and Analysis, at ISO New England, Holyoke, Massachusetts. From 2005 to 2008, he was Director, Market Monitoring, at the ISO. Before joining the ISO, Dr. Chao held various technical and management positions at the Electric Power Research Institute (EPRI) and was a Consulting Professor at Stanford University (currently on leave). Dr. Chao specializes in energy and environmental policy analysis, particularly pricing strategy, operational planning, economic risk analysis, and power market design. He was a recipient of the Franz Edelman Award from the Institute of Operations Research and Management Science (INFORMS) for outstanding achievement in management science and operations research. He holds a Ph.D. in Operations Research, with a minor in Economics, from Stanford University.
View