Secure multicast for power grid communications

Zhang, Jianqing

Permalink

https://hdl.handle.net/2142/18425 Copy

Description

Title

Secure multicast for power grid communications

Author(s)

Zhang, Jianqing

Issue Date

2011-01-14T22:50:24Z

Director of Research (if dissertation) or Advisor (if thesis)

Gunter, Carl A.

Doctoral Committee Chair(s)

Gunter, Carl A.

Committee Member(s)

• Campbell, Roy H.
• Sanders, William H.
• King, Samuel T.
• Mix, Scott

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• Power grid communications
• Multicast
• Security
• Application-Aware
• SecureSCL

Abstract

Secure multicast for power grid systems faces a number of challenges like complex and error-prone group configuration, inefficient group key management, real-time challenges to existing security protocols and the balance among correctness, efficiency, feasibility and cost. We propose an application-aware approach to setting up secure multicast for power grid communications that automatically derives group memberships and verifies configuration conformance from data dependencies in system specifications. We present an analytic publish-subscribe model, which formally depicts the relationships between data objects, publishers, subscribers and group controllers in a secure multicast system. Based on the model, we study anomalies in multicast functionality configurations like redundant and unauthorized publications, source-anomaly and data-dissatisfaction subscriptions. Algorithms are developed to detect the anomalies and verify the configuration conformance. A practical architecture is designed for automatic and error-resistant group configuration. It transforms the application layer system specifications to the network layer group security associations, policies and credentials. We also demonstrate the feasibility of raising link layer control messages to the network layer and protecting timing critical multicast traffic using one of the off-the-shelf network layer security protocols, namely IPsec. We provide experimental evidence that native IPsec multicast is capable of addressing latency constraints in medium scale networks. To evaluate the approach, we present a case study of IEC 61850 power substation networks and have developed a demo system, SecureSCL. The case study shows the benefits a real-world application gains from the automatically-generated group security configurations and demonstrates the practicality and efficiency of the approach. This work provides a cross-layer approach of automatically self-generated group configuration for power grid communications, addressing key concerns of both system implementation and conformance analysis. The proposed multicast model and verification mechanism can be extended for generic secure communication configurations. On the other hand, the prototype system SecureSCL has a potential of being developed into a realistic application for power substations.

Graduation Semester

2010-12

Permalink

http://hdl.handle.net/2142/18425

Copyright and License Information

Copyright 2010 Jianqing Zhang

Owning Collections