We can pay less: coordinated false data injection attack against residential demand response in smart grids

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

Abstract

Advanced metering infrastructure, along with home automation processes, is enabling more efficient and effective demand-side management opportunities for both consumers and utility companies. However, tight cyber-physical integration also enables novel attack vectors for false data injection attacks (FDIA) as home automation/ home energy management systems reside outside the utilities' control perimeter. Authentic users themselves can manipulate these systems without causing significant security breaches compared to traditional FDIAs. This work depicts a novel FDIA that exploits one of the commonly utilised distributed device scheduling architectures. We evaluate the attack impact using a realistic dataset to demonstrate that adversaries gain significant benefits, independently from the actual algorithm used for optimisation, as long as they have control over a sufficient amount of demand. Compared to traditional FDIAs, reliable security mechanisms such as proper authentication, security protocols, security controls or, sealed/controlled devices cannot prevent this new type of FDIA. Thus, we propose a set of possible impact alleviation solutions to thwart this type of attack.

Original languageEnglish
Title of host publicationCODASPY'21 - Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy
EditorsMurtuza Jadliwala
Place of PublicationNew York NY USA
PublisherAssociation for Computing Machinery (ACM)
Pages41-52
Number of pages12
ISBN (Electronic)9781450381437
DOIs
Publication statusPublished - 2021
EventConference on Data and Application Security and Privacy 2021 - Online, United States of America
Duration: 26 Apr 202128 Apr 2021
Conference number: 11th
https://dl-acm-org.ezproxy.lib.monash.edu.au/doi/proceedings/10.1145/3422337 (Proceedings)
http://www.codaspy.org/2021/ (Website)

Conference

ConferenceConference on Data and Application Security and Privacy 2021
Abbreviated titleCODASPY 2021
CountryUnited States of America
Period26/04/2128/04/21
Internet address

Keywords

  • Demand response
  • false data injection attack
  • impact alleviation
  • smart grid vulnerabilities

Cite this