Abstract
Advanced metering infrastructure, along with home automation processes, is enabling more efficient and effective demand-side management opportunities for both consumers and utility companies. However, tight cyber-physical integration also enables novel attack vectors for false data injection attacks (FDIA) as home automation/ home energy management systems reside outside the utilities' control perimeter. Authentic users themselves can manipulate these systems without causing significant security breaches compared to traditional FDIAs. This work depicts a novel FDIA that exploits one of the commonly utilised distributed device scheduling architectures. We evaluate the attack impact using a realistic dataset to demonstrate that adversaries gain significant benefits, independently from the actual algorithm used for optimisation, as long as they have control over a sufficient amount of demand. Compared to traditional FDIAs, reliable security mechanisms such as proper authentication, security protocols, security controls or, sealed/controlled devices cannot prevent this new type of FDIA. Thus, we propose a set of possible impact alleviation solutions to thwart this type of attack.
Original language | English |
---|---|
Title of host publication | CODASPY'21 - Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy |
Editors | Murtuza Jadliwala |
Place of Publication | New York NY USA |
Publisher | Association for Computing Machinery (ACM) |
Pages | 41-52 |
Number of pages | 12 |
ISBN (Electronic) | 9781450381437 |
DOIs | |
Publication status | Published - 2021 |
Event | Conference on Data and Application Security and Privacy 2021 - Online, United States of America Duration: 26 Apr 2021 → 28 Apr 2021 Conference number: 11th https://dl-acm-org.ezproxy.lib.monash.edu.au/doi/proceedings/10.1145/3422337 (Proceedings) http://www.codaspy.org/2021/ (Website) |
Conference
Conference | Conference on Data and Application Security and Privacy 2021 |
---|---|
Abbreviated title | CODASPY 2021 |
Country/Territory | United States of America |
Period | 26/04/21 → 28/04/21 |
Internet address |
Keywords
- Demand response
- false data injection attack
- impact alleviation
- smart grid vulnerabilities