From security to vulnerability: Data authentication undermines message delivery in smart grid

The smart grid is an emerging technology that integrates the power infrastructure with information technologies to enable real-time monitoring and control of various power equipments. As the most important component in power systems, power substations merge not only many critical equipments, such as transformers and transmission lines, but a large amount of system information to manipulate miscellaneous system events for well-maintained system states. In this paper, we aim at security issues within a substation and try to address the open question, whether existing security mechanisms satisfy both security and performance requirements of applications in Substation Automation Systems (SAS). To this end, we establish a small-scale SAS prototype with commonly-used security mechanisms for message integrity protection, such as RSA and one-time signature (OTS) based schemes, to measure delivery performances of secure SAS messages. Our results reveal that neither of them can be readily adopted by the SAS. Adversely, the limitation of security mechanisms, such as complicated computation, short key valid time and limited key supply, can be easily hijacked by attackers to undermine the SAS message delivery, thereby becoming security vulnerabilities. Our work indicates that message integrity protection in the SAS needs to be addressed urgently before a large-scale deployment of the smart grid.