An Approach for Securing Cloud-based Wide Area Monitoring of Smart Grid Systems

. Computing power and flexibility provided by cloud technologies represent an opportunity for Smart Grid applications, in general, and for Wide Area Monitoring Systems, in particular. Even though the cloud model is considered efficient for Smart Grids, it has stringent constraints in terms of security and reliability. An attack to the integrity or confidentiality of data may have a devastating impact for the system itself and for the surrounding environment. The main security risk is represented by malicious insiders, i.e., malevolent employees having privileged access to the hosting machines. In this paper, we evaluate a powerful hardening approach that could be leveraged to protect synchrophasor data processed at cloud level. In particular, we propose the use of homomorphic encryption to address risks related to malicious insiders. Our goal is to estimate the feasibility of such a security solution by verifying the compliance with frame rate requirements typical of synchrophasor standards.


Introduction
Future generations of Wide Area Monitoring Systems (WAMS) look at commercial cloud architectures as an opportunity to reduce costs, increase data sharing, enhance scalability, and improve availability. At the core of WAMs there are PMUs (Phasor Measurement Units), which are nowadays used in distribution network context to measure and control the status of power grid. PMUs do so through synchrophasors, i.e, time-synchronized numbers that represent both the magnitude and phase angle of the sine waves found in electricity, which are time-synchronized for accuracy. Synchrophasors enable a synchronized evaluation of the phasor through GPS radio clock, and are being extensively deployed together with network-based Phasor Data Concentrator (PDC) applications for providing a precise and comprehensive view of the status of the entire grid. PDC units are in charge of collecting data coming from different PMUs and realize the effective computation. Prototypal solutions of Cloud-based WAM were proposed [10]. The idea is to capture sensors data on a cloud-computing platform, and leverage its facilities to archive the data into a standard data collection infrastructure, which can include standard databases or grid specific solutions such as OpenPDC [11] to track the system state in real-time by performing the variety of analyses at cloud level.
However, difficulties of sharing data in a secure and low-latency manner limits exploitation of this new powerful technology by bulk electric power grid operators. In a cloud-based deployment, the PDC application may be exposed to a number of threats that affect both confidentiality and integrity of sensitive data going through the monitoring system. The Insider Threat [12] is a particularly worrying example. It is impersonated by a malicious employee of cloud providers that leverages the privileged position to obtain access to sensitive data [20]. Two solutions are the most accepted against malicious insiders: Trusted Execution (TE) and Homomorphic Encryption (HE). There are works proposing the adoption of TE, in particular Intel SGX, for enabling the cloudification of SCADA systems [15][16] [17]. While the adoption of HE for WAMS was still poorly investigated [18]. In this paper we propose an approach that enables secure synchrophasor data processing in untrusted cloud environments. Our approach is to leverage most recent implementations of HE to create and preserve a chain-of-trust from the field data collection to the cloud processing, and ensures confidentiality, even against malicious insiders. The idea is to encrypt PMU data on field and then transmit such a data to the cloud for subsequent storage or processing Synchrophasor measurements are always kept encrypted and evaluations like phase comparisons will be performed on ciphered data. In this way risks coming from malicious cloud insiders can be addressed and the security is preserved. Unfortunately, HE suffers from a non-negligible performance overhead, which could made the adoption of this technology impossible for synchrophasor data processing, which are characterized from strict frame rate requirements. Most-recent schemes like the one adopted in this paper, i.e., TFHE [13] [14], started to provide very fast results. Our goal is to evaluate the feasibility of HE towards secure synchrophasor data processing in untrusted cloud by estimating supported frame rates. The remainder of this work is organized as follows. Section 2 provides background on HE. Afterwards, Section 3 introduces synchrophasor systems and concepts of Wide Area Monitoring. Then, Section 4 defines possible threats in cloud environment. This is followed by Section 5 where we provide our solution. Finally, Section 6 concludes the document.

Synchrophasor Systems for Smart Grids
Wide-Area Monitoring Systems (WAMS) of power grids is one important application from Smart Grid infrastructures. WAMS are composed of distributed measurement and control devices, characterized by a hierarchical architecture. A key component of WAMS is the Phasor Measurement Unit (PMU). This is the device in charge of electrical quantities synchronized measurements, e.g., voltage and current phasors, frequency and rate of change of frequency (ROCOF) with an accurate time-tag based on the Universal Coordinated Time generally obtained from a GPS receiver or through IEEE1588 synchronization. PMUs forward the acquired data to a Phasor Data Concentrator (PDC), which collects and aligns the provided measurements before send them next higher PDC levels. Ultimately, data arrives to a control center application where the overall status of the electric grid is evaluated.
Originally, synchronized measurements of WAMS were designed for transmission systems. After the advent of smart grid frameworks, benefits of Synchrophasor technology are moving also to the distribution network. The use of PMUs in the distribution network context represents a new challenge: the stand-alone PMUs and PDCs could be replaced by dedicated functionalities implemented in Intelligent Electronic Devices (IEDs) or by existing measurement devices upgraded in order to build an Internet of Things (IoT) network with synchrophasor functionality. In a Synchrophasor system suitable for distribution grids, several measurement devices will be necessary and, in this new scenario, the classical hierarchical architecture can be inadequate, since it can be unable to manage many PMUs and/or PMU-enabled instruments. A solution can be represented by replacing the hierarchical structure of PDCs with a less expensive and rapidly scalable structure based on cloud computing. The communication systems used by distribution system operators (DSOs) are expected to be shared and/or public. In this case, the bandwidth available for devices involved is strictly dependent on the type of communication channel adopted. Normally, in transmission system WAMS, PMUs send data at a constant rate of 50-60 frames per second (fps) to guarantee the monitoring of dynamic events. The choice of 50 or 60 frames mean different supported frame rates (Table 1). The standard says: "The actual rate to be used shall be user selectable. Support for other reporting is permissible, and higher rates such as 100 frames/s or 120 frames/s and rates lower than 10 frames/s such as 1 frame/s are encouraged". That is, the minimum accepted may be 1 frame per second.

Threats in a Cloud Environment
While, on one hand, cloud computing is capable of offering huge benefits to Smart Grid systems in terms of IT cost saving and reliability. On the other hand, it opens to a number of security risks that cannot be underestimated. As evidenced by Coppolino et al. [2], applications running in the untrusted cloud are exposed to well-known attacks, which have been around for years but that gained prominence again because of the large adoption of cloud computing. These include attacks aiming at violating: i) availability by, e.g., flooding targeted machines (Denial of Service (1)); ii) data confidentiality/integrity by, e.g., altering communication channels [21] (Traffic Hijacking (2)) or landing on the system to subsequently launch an attack (Account Hijacking (3)). Besides these, the taxonomy considers other attacks, which in turn are typical of the cloud universe. That is, those perpetrated by:  Internal users who own a Virtual Machine (VM) and exploit flaws in the hypervisor (Shared Technologies Vulnerabilities (4)) to attack another VM instance.  The Cloud Provider -embodied by disgruntled employees or administrators -that leverages its privileged position to get access to an unprecedented amount of information and on a much greater scale (Malicious Insiders (5)). The latter is definitely the most worrisome category of attackers who can easily cover their actions and go undetected for years. It is even more worrying in the context of Smart Grid since the impact on the external environment could be destructive. Attacks to the integrity, e.g., could have effects on the capability to provide correct commands to the actuators, and also acquire the right measurements from sensors. This entails that operators may assume that the status of the infrastructure is normal since all measured parameters have the expected values but this is not the case. Equally important is the availability of WAMS applications. Attacks like DoS, in fact, may cause corruptions on the status of the infrastructure, hardware failures, and, more importantly monitoring service outage. In the case of critical infrastructures, e.g., this could mean risks to human lives. Finally, attacks to confidentiality would imply that the adversary either infers the current state of the Smart Grid. Figure 1 reports the high-level architecture of our proposed solution. PMUs gather data from sensors deployed on-field and send it to different layers of PDCs up to the PDC gateway, at the top. This unit is in charge of encrypting data -in a homomorphic fashion -and, then, establishing a TLS secure communication with its counterpart at cloud level to create an authenticated channel. Hence, the acquired encrypted measurements are sent via this secure channel. At cloud level, the synchrophasor data is received and sent over a distributed message-based bus (e.g., ZMQ) to different Microservices (MS), i.e., small independent software units that interact each other through messages. Microservices are a new way of conceiving applications architectures, which fit much better for distributed applications like those for cloud platforms. In our work, besides providing and storing measurements, MSs perform also those mathematical functions needed by the WAMS case study.

Figure 1 -Proposed Solution
In particular, we identified two mathematical operations to be realized on homomorphic encrypted data for synchrophasor evaluations, i.e.: phase subtraction and phase comparison. From a practical point of view, this meant the definition of a dedicated logical Boolean circuit -composed of gates having homomorphic supportin which ciphered bits will go through to carry out the protected computation. Figure 2 shows the final scheme of the logical circuit used, which is composed of a full subtractor and a comparator, organized in sequence.

Figure 2 -Logical circuit for HE synchrophasor evaluations
Our implementation used the widely-accepted APIs of TFHE [13], which is based on the Chillotti et. al HE algorithm [14]. It must be noticed that each gate of the logical circuit introduces an overhead. Hence, particular attention must be put on the number of gate levels to be created. The deeper is the circuit, the higher is the overhead of the overall calculus. To have an idea, we evaluated the execution time of most critical logical gates (e.g. AND, OR, MUX). We obtained that binary gates require on average 8.1ms, while the MUX took 20.4ms using an Intel Xeon E3-1270 v5 CPU with 4 cores at 3.6 GHz, having 8 hyper-threads (2 per core), 8 MB of cache, and 64 GB of memory.
To improve the performance, we took advantage of the bit-wise nature of homomorphic operations and were able to reduce the amount of computations. The system elaborates group of bits from the most significant to the least significant ones. In this way, only in the worst case, the entire word is evaluated. Moreover, we optimized the system by using a particular implementation of Fast Fourier Transform, i.e., FFTW3, which is 3x times faster than the default Nayuki implementation. Finally, we ran tests on our developed WAMS. We used the OpenDSS comprehensive electrical power system simulation tool for simulating the WAMS data and properly evaluate the homomorphic computations. Results obtained are the following: 330.4ms in the best case and 651.3ms in the worst case. This means that the only standard rate that may be supported by a WAMS having homomorphic encryption is 1 frame per second, i.e., the minimum defined in IEEE Std C37.118.2™-2011.

Conclusion
This paper discussed an approach for securing Wide Area Monitoring Systems running in cloud environments, and therefore exposed to dangerous attacks from malicious insiders on sensitive data. The solution proposed leverages homomorphic encryption for executing protected synchrophasor computation. Our goal was to evaluate the feasibility of such an approach and understand the impact on the overall performances. In fact, requirements of data processing rates declared in synchrophasor standards are strict and it is important to verify the compliance of the system that works on homomorphic encrypted data.