Exploiting Security Vulnerabilities in a Smart Grid Home Area Network Using Hardware Simulation
The current electrical power grid is a century-old technology with little to no improvement since its implementation. The Smart Grid is a re-imagined version of the current grid, one which promotes a two-way flow of both energy and information. The overall goals of the Smart Grid include an increased ability for consumers to monitor and conserve their consumption of power, self-healing capabilities in the grid, and an increased ability to use alternative energy sources (e.g. wind and solar). Research at Texas Tech is focused on security issues with the home area network (HAN) in the Smart Grid using the ZigBee wireless protocol. The most likely candidate for the wireless protocol in a HAN is ZigBee. ZigBee is a low-power, low-data-rate communication protocol based on IEEE 802.15.4, but research is needed to enhance the security of ZigBee networks. This research has extended an existing hardware simulation to explore hardware vulnerabilities using the KillerBee attack framework. KillerBee is an open source set of Linux tools specifically designed for exploiting ZigBee networks. Two specific attack scenarios were completed. The first attack scenario is called a flood attack, in which association request packets are continuously injected into the coordinator device to prevent the coordinator from communicating with actual devices. The second attack scenario is called a back-off time attack. Much like the flood attack, association requests are injected into the coordinator device, with the device's back-off time used to set how frequently the packet is injected. The back-off time of a device is the amount of time that passes between the receipt of an association request packet and the time at which a coordinator will begin accepting packets again. The long-term benefits of this research include the development of a system which is capable of generating data about HAN network security vulnerabilities for use in event stream processing (ESP). Once ESP has this data, attempts can be made to write rules for intrusion detection.
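As an added example, not code from the Texas Tech simulation or from KillerBee, here are two event-stream rules of the kind the abstract says could be written for intrusion detection, run over a constructed stream of association-request events. It assumes events reach the ESP engine as (timestamp, coordinator, source) tuples and that the coordinator's back-off interval (0.5 s here), the window size and the thresholds are known; all of those values are illustrative.

```python
from collections import defaultdict, deque

# Constructed sample stream (not data from the paper): one tuple per association
# request received at a coordinator: (timestamp_s, coordinator, source_device).
SAMPLE_EVENTS = [
    (0.00, "coord-A", "dev-1"),  # legitimate join
    (2.50, "coord-A", "dev-2"),  # legitimate join
    # burst of requests 50 ms apart: the flood pattern
    (5.00, "coord-A", "dev-9"), (5.05, "coord-A", "dev-9"), (5.10, "coord-A", "dev-9"),
    (5.15, "coord-A", "dev-9"), (5.20, "coord-A", "dev-9"), (5.25, "coord-A", "dev-9"),
    # requests spaced exactly at the assumed 0.5 s back-off: the back-off pattern
    (10.0, "coord-A", "dev-7"), (10.5, "coord-A", "dev-7"), (11.0, "coord-A", "dev-7"),
    (11.5, "coord-A", "dev-7"), (12.0, "coord-A", "dev-7"),
]

def detect_flood(events, window_s=1.0, threshold=5):
    """Rule 1 (flood attack): alert when more than `threshold` association
    requests reach one coordinator inside any sliding window of `window_s`."""
    recent = defaultdict(deque)   # coordinator -> timestamps inside the window
    alerts = []
    for ts, coord, _src in sorted(events):
        q = recent[coord]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            alerts.append((ts, coord, len(q)))
            q.clear()                       # one alert per burst, then re-arm
    return alerts

def detect_backoff_cadence(events, backoff_s=0.5, tol_s=0.05, min_repeats=4):
    """Rule 2 (back-off time attack): alert when a coordinator keeps receiving
    association requests spaced at (about) its back-off interval. Keyed per
    coordinator, not per source, so a changing source address does not hide it."""
    last = {}                     # coordinator -> timestamp of previous request
    streak = defaultdict(int)     # coordinator -> consecutive back-off-spaced gaps
    alerts = []
    for ts, coord, _src in sorted(events):
        if coord in last and abs((ts - last[coord]) - backoff_s) <= tol_s:
            streak[coord] += 1
            if streak[coord] == min_repeats:
                alerts.append((ts, coord))
        else:
            streak[coord] = 0     # gap does not match the back-off: restart
        last[coord] = ts
    return alerts

if __name__ == "__main__":
    print("flood alerts:   ", detect_flood(SAMPLE_EVENTS))
    print("back-off alerts:", detect_backoff_cadence(SAMPLE_EVENTS))
```

The burst rule catches the raw flood but not the slower back-off cadence, which is why the second rule keys on inter-arrival timing rather than volume.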