2016 the 4th IEEE International Conference on Smart Energy Grid Engineering
A Security Mechanism for Software-Defined Networking Based Communications in Vehicle-to-Grid

Shanghua Zhang, Qiang Li, Jun Wu, Jianhua Li, Gaolei Li
School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, China
e-mail: [email protected]

Abstract—As a new technology in the smart grid, vehicle-to-grid (V2G) constructs a flexible and extensible interoperation platform between electric vehicles and the grid, in which bidirectional charging between vehicles and grid is performed on demand. V2G faces numerous challenges, among which cyber security is a major one that must be addressed with priority. Software-defined networking (SDN) is an advanced architecture for next-generation networks that provides flexible control by separating the control plane from the data plane. Flexible configuration of communications and security enables a more scalable, secure and collaborative system, which makes SDN a potential communication architecture for V2G. This paper applies SDN technology to the V2G system, which we term software-defined V2G (SD-V2G). To the best of our knowledge, this is the first work to address the high dynamics of communications and security in V2G using SDN. Moreover, we propose a novel security communication mechanism (SCM) for the dynamic V2G system to ensure confidentiality, integrity, non-repudiation, authentication, etc. To evaluate the scheme, security analysis, performance measurements and comparisons are carried out, which demonstrate that the proposed software-defined SCM (SD-SCM) is feasible and a promising solution for the SD-V2G system. The proposed SD-SCM is significant for enhancing the security of V2G.

Keywords-V2G; software-defined networking; security; control plane; data plane

I. INTRODUCTION
With the increasing number of vehicles, the ecological environment is getting worse. As a result, electric vehicles have attracted increasing attention in recent years. But charging a large number of vehicles brings rapid growth in electricity load, which increases the pressure on power generation, transmission and distribution. Vehicle-to-Grid (V2G) [1] was proposed to solve these problems. V2G describes a new type of grid technology: electric vehicles are not only electricity consumers, they can also supply electricity to the grid while they are idle. V2G achieves two-way interaction of energy between electric vehicles (EVs) and the grid under controlled conditions. The charge-discharge control devices of V2G interact with the grid and also with the vehicles. The interactive content includes energy conversion, customer demand information, power status, vehicle information, and metering and billing information. The implementation of V2G will push grid technology in a more intelligent direction and also enable breakthroughs in the development of electric vehicles.

978-1-5090-5111-3/16/$31.00 ©2016 IEEE

Currently, using the substation network communication standard IEC 61850 for modeling V2G has become a trend [2]. In this way an interoperable information communication model can be established between V2G and the smart grid. But some problems remain. With the continuous expansion of the V2G network scale, V2G needs to solve the problems of traffic control and network load capability. Hence, software-defined networking (SDN) [3] is adopted in this paper to improve network performance. SDN provides flexible control by separating the control plane from the data plane. The control plane is logically centralized and has programmable controllers. Controllers hold the global network information, so it is easy to configure the network and deploy new protocols. The data plane consists of dumb switches. Switches only provide simple data forwarding, so matching packets can be processed quickly to accommodate growing traffic. The two layers interact through an open unified interface. The programmability and logical centralization of control in SDN can accelerate network innovation and greatly simplify network management. These characteristics make SDN a potential communication architecture for V2G. This paper aims to apply SDN technology to the V2G system, which we term software-defined V2G (SD-V2G). According to existing research, this is the first work to propose SD-V2G. With the new SD-V2G architecture, some security issues are common to SDN and V2G. The most important is to guarantee the confidentiality of information during transmission and to prevent the information from being tampered with by attackers. Currently most research work in SDN focuses on inserting security policies into monitoring systems to dynamically detect and mitigate suspicious traffic during network operation.
The work in [4] utilizes FleXam to protect controller access information from worm propagation, and the work in [5] studies the security issues of SDN itself. To identify abnormal flows, the method in [6] adopts Distributed Denial of Service (DDoS) detection. Several works study the communication between the grid and V2G charging stations, and some consider only the security of EVs. The work in [7] studies privacy preservation for EVs in V2G. A low-overhead batch authentication protocol for EVs is considered in [8]. The scheme in [9] utilizes a channel-based key management approach to protect EVs from availability attacks. And the work in [10] utilizes the Blue Jay ultra-lightweight hybrid cryptosystem for the V2G connection.

In order to secure communication in SD-V2G, a security communication mechanism (SCM) is proposed to ensure confidentiality, integrity, non-repudiation, authentication, etc. Encryption keys play an important role in securing data confidentiality, integrity, non-repudiation and authentication, and the key management scheme (KMS) plays a core role in an SCM by ensuring key security.

The remainder of the paper is organized as follows: Section II presents the preliminaries of SD-V2G, including modeling V2G with IEC 61850, SDN with IEC 61850, and the KMS of V2G. The SD-V2G system and the SD-SCM mechanism are proposed in Section III. Section IV evaluates the performance of the SD-V2G system and analyzes the performance of SD-SCM. Section V concludes the paper.

II. PRELIMINARIES

A. Information Modelling of V2G

The security attack vectors in the communication architecture of V2G are shown in Fig. 1. The V2G controller needs to monitor the charging equipment in real time and transmit the information the grid needs via Ethernet to the gateway, router and dispatching center server. Energy flows between V2G charging stations and the grid in both directions, and so does information. Thus the standard used to build the V2G charging station communication system must be able to provide interoperability between V2G charging stations and the grid. At present, the unique international universal standard for smart grid construction, IEC 61850 [11], adopts object-oriented modeling, a hierarchical distributed system, the Abstract Communication Service Interface (ACSI) and Specific Communication Service Mapping (SCSM), etc. These techniques enable open, interactive and interoperable digital substations and realize interoperability between different vendors' equipment. The second edition of IEC 61850 has extended its applications from the substation to new energy, distributed generation and other fields, so it provides a standard for integrating new energy and distributed generation into smart grid construction. Hence much research applies the object-oriented modeling method of the IEC 61850 standard to establish charging station information models that meet the demands of smart grid development.

Figure 1. The security attack vectors in the communication architecture of V2G.

B. SDN and IEC 61850

The smart grid is an automatic-control and self-protecting grid system. Its reliability, security and real-time requirements are supported by information and communications technology (ICT) equipment. The communication technology of grid transmission is not perfect and lacks compatibility, so it cannot adapt well to the actual network. When International Electrotechnical Commission (IEC) devices are used to manage a substation automatically, the management and control platform must consider the network resources and demands while maintaining appropriate network performance. So a software-defined network framework based on IEC 61850 was proposed [12], which determines different types of data flow according to the network status and their demands and uses control and monitoring tools to improve the efficiency of smart grid information transmission and meet the demands of smart grid communication.

C. Security Requirements of V2G and KMS

In Fig. 1, several attack vectors exist in servers, controllers, EVs and the links between them. Some of the attacks target grid communication and the others target charging station communication. To guarantee the confidentiality of information during transmission and prevent it from being tampered with by attackers, an SCM is needed, and the core content of an SCM is its KMS [13]. The KMS for V2G mainly aims to generate and update keys for message security. First, due to the dynamics of V2G, the KMS for V2G should adopt a distributed rather than a centralized key management scheme: a centralized scheme has the shortcoming of a single point of failure and causes difficulties in key distribution. Second, the participating vehicles are not fixed; a vehicle can join or leave irregularly. Lastly, considering the limited computational power and storage in V2G, a lightweight KMS should be given priority.

III. SD-V2G SYSTEM

A. SD-V2G Design Motivation

According to previous research on SDN, SDN can solve two problems of V2G. First, due to the dynamics of V2G, V2G suffers from complex network management and configuration. Traditional networks cannot solve this problem, but SDN can. Second, energy distribution in V2G is unbalanced, so the importance of communication data differs. This is a burden for traffic control, so V2G needs fine-grained traffic control. SDN can speed up forwarding and achieve fine-grained traffic control. This paper aims to apply SDN technology to the V2G system. The architecture of SD-V2G is shown in Fig. 2.

B. SD-V2G Architecture

Charging devices, V2G controllers and the grid dispatching center are the crucial components that manage and support V2G. We propose a structure for the SD-V2G system, as shown in Fig. 2. The structure comprises the following planes.
1) Data plane: It contains the V2G charging device functions and the SDN data plane functions, including real-time measurement, statistical information, data sending and forwarding.
2) Control plane: It mainly consists of V2G controllers and SDN controllers. From the perspective of the communication system, a V2G controller is a server. V2G controllers implement functions including the man-machine interface, data calculation, message generation, event management, data management and log recording, etc. SDN controllers are responsible for protocol calculation, policy distribution and link information collection, etc.
3) Application plane: Smart grid applications and network applications are both included in this plane. Alarm processing, remote monitoring and maintenance, configuration, local control and remote communication all belong to the smart grid applications. Network applications include network management, secure communication and traffic control, etc.

Figure 2. SD-V2G architecture.

Section II introduced modeling V2G with IEC 61850 and an SDN framework based on IEC 61850. Therefore, we can build a software-defined V2G (SD-V2G) architecture on the IEC 61850 standard. In SD-V2G, we use a Representational State Transfer (REST) API as the northbound interface (NBI) and the Extensible Messaging and Presence Protocol (XMPP) as the southbound interface (SBI). REST defines a set of architectural principles on which web services can be designed, including how clients written in different languages process and transmit resource state through the Hypertext Transfer Protocol (HTTP). Because it is very easy to use, REST has become the most important web service design pattern in recent years. Using REST as the NBI of SDN, upper-layer applications exchange messages with controllers over HTTP, which simplifies the development of applications on the controller. As REST services represent a simple and well-documented way to achieve a high degree of interoperability, much research uses REST in the IEC 61850 protocol stack [14]. By modeling V2G with IEC 61850, V2G controllers can use REST to exchange information with the grid dispatching center. Hence, REST can be used as the NBI in the SD-V2G architecture. The Extensible Messaging and Presence Protocol (XMPP) [15] is one of the instant messaging (IM) protocols. XMPP, which is based on the Extensible Markup Language (XML), solves the problem that IM systems could not interconnect with non-IM systems [16]. In order to exchange non-time-critical data through any kind of network in IEC 61850, extending the IEC 61850 standard with XMPP has become a trend. Hence, IEC 61850-8-2 is being drafted. Part 8-2 complements the existing Part 8-1 Specific Communication Service Mapping (SCSM) and maps SCSM to XMPP [17]. Therefore, XMPP can be used in V2G and SDN, and it can serve as the SBI in the SD-V2G architecture.
C. SD-SCM Mechanism

To ensure secure message exchange in the hybrid transmission mode, the SD-V2G system constructs the frame structure of SD-SCM. The SD-SCM mechanism adopts a distributed key management scheme described by the key graph in Fig. 3. S is a nonempty finite set representing the servers of the grid dispatching center, C is a nonempty finite set representing all the SDN controllers, and V is a nonempty finite set representing a group of vehicles. In SD-SCM, S distributes user keys to C in unicast mode and C distributes group keys to V in multicast mode.

Figure 3. The key graph in SD-SCM.

1) Design of SD-SCM for unicast

There are five steps in SD-SCM for the unicast transmission mode.

Step 1: C → S : { , }. C sends a request packet to S.

Step 2: S generates session keys to encrypt data. A session key is created from the last session key −1 and an additional value, and the additional value is calculated from the ID of the controller and a random value. ( ) is a secure b-bit random number algorithm, ( ) is a keyed-hash message authentication function using k as key, and ( ) is a hash function.

= ( ) (1)
= ( ) (2)
= ( −1 ⨁ ) (3)

Step 3: S → C : { , }. To ensure the security of the session keys, a verification value is created and sent together with the additional value from S to C.

= −1 ( ⨁ ) (4)

Step 4: C receives { , } and authenticates the integrity of the message. The verification value ′ can be generated from the controller ID, the last session key −1 and the additional value. Only a controller holding the right ID and the last session key −1 can calculate ′, so through this step the identity of the controller can be verified, and when ′ = it is proven that the additional value has not been distorted.

′ = −1 ( ⨁ ) (5)

Step 5: C calculates the session key and uses it to encrypt the transmitted data.

= ( −1 ⨁ ) (6)

2) Design of SD-SCM for multicast

There are five steps in SD-SCM for the multicast transmission mode.

Step 1: V → C : { }. V sends a request packet to C.

Step 2: C generates session keys to encrypt data. The method of generating the session keys is the same as Step 2 in unicast mode; the difference is that the ID is not required.

= ( ) (7)
= ( ) (8)
= ( −1 ⨁ ) (9)

Step 3: C → V : { , }. C sends the message to a group of vehicles V.

= ( −1 ⨁ ) (10)
= −1 ( ⨁ ) (11)

Step 4: This step uses the same method as in unicast mode.

′ = −1 ( ⨁ ) (12)

Step 5: V calculates the session key and uses it to encrypt the transmitted data.

(13), (14)

3) Key renew scheme

In unicast mode, the key will be renewed periodically (a week).

′ = ( −1 ⨁ ) (15)

In multicast mode, the key will be renewed each session.

′ = +1 (16)

IV. ANALYSIS AND EVALUATION

A. Performance Evaluation for SD-V2G

We conducted two experiments to analyze the network performance of SD-V2G. The experiments were completed in a virtual machine environment. Mininet [18], a lightweight software-defined network emulation and test platform, is used to simulate the network topology, and Floodlight is used as the SDN controller. The virtual machine has 2 GB of memory and an 8 GB hard disk, and the bandwidth of one link is 5 Gbit/s.

We change the number of nodes in one link to test the end-to-end communication delay. The experimental result is shown in Fig. 4. The red line shows the first node's forwarding time. The blue line shows the time to process all the other nodes. Assume there are m packets and n nodes in the network, and let represent a node's processing time and represent a node's forwarding time. The end-to-end communication delay in the traditional network is ∙ ∙ + ∙ ∙ , and the delay in V2G is ∙ + ∙ ∙ . This proves that the delay in V2G is shorter than in the traditional network. Moreover, in the traditional network, nodes calculate the next-hop address by routing calculation, which takes far longer than pipeline processing. Hence, SD-V2G can speed up traffic forwarding and solve the problem of traffic control.

We change the number of nodes in one link to test the end-to-end communication delay. The experimental result is shown in Fig. 4. The blue line shows the first node's forwarding time and the red line shows the other nodes' processing time. The forwarding time is higher than the processing time because the first switch must transmit the data to the controller for processing; the processing time of the other switches is far less than that of the first switch. In the traditional network, switches calculate the next-hop address by routing calculation, which takes far longer than pipeline processing. Hence, SD-V2G can speed up traffic forwarding and solve the problem of traffic control.

In Fig. 5 we set up two links to test the network load capacity. h1 − 1 − 2 − 3 − h2 represents the link in the traditional network, which forwards data from host 1 to host 2 over a single path. The topology specified with 2 hosts in the link: h1 − 1 − 3 − 4 − h2, h1 − 1 − 3 − 5 − h, h1 − 2 − 3 − 4 − h2, h1 − 2 − 3 − 5 − h2. Forwarding data from host 1 to host 2 can use multiple paths in SD-V2G. The experimental result is shown in Fig. 6. Network load capacity is the maximum amount of data carried by the network when the network has the same nodes but different topologies, and "possibility" on the y axis means the probability that the network load capacity falls within a certain range. In V2G, the network load capacity of the switches is concentrated in the 4–5 Gbit range, whereas in SD-V2G it is dispersed. Hence, the network scalability of SD-V2G is stronger, and the maximum network load capacity of SD-V2G is larger than that of V2G. Therefore, SD-V2G has better network load capacity.

Figure 4. The delay time of end-to-end communication.

Figure 5. Network topology.

Figure 6. Network load capability.

B. Analysis and Evaluation for SD-SCM

1) Security analysis

A novel security communication mechanism for the dynamic V2G system was proposed to ensure confidentiality, integrity, non-repudiation and authentication.

Confidentiality and integrity: In unicast mode, a session key is created from the ID of the controller and an additional value using a hash function. The additional value is generated with a hash function and a random number. Session keys are never transmitted directly; the transmitted message consists of the additional value and the intermediate value. Controllers receive the message and can calculate a verification value. If the verification value matches, the integrity of the transmitted message is verified. Therefore, the security of the session key is guaranteed.

Non-repudiation and authentication: Session keys are held only by the two communicating ends. Taking unicast mode as an example, the server uses the ID of the controller and the last session key to generate the session key. Only if the controller has the right ID and the last session key can it decrypt the message and obtain the session key; otherwise the message is discarded. Thus authentication and non-repudiation of information transmission are ensured.

2) Performance evaluation

Because SD-V2G is a novel model, this is the first study of secure communications in SD-V2G, so it is difficult to compare with other works on SD-V2G. However, some research studies security mechanisms in traditional V2G. The work in [10] utilizes the BlueJay ultra-lightweight hybrid cryptosystem for the V2G connection, mainly considering secure communication between controllers and the grid. In this paper, the SD-SCM mechanism adopts a distributed key management scheme in which the grid distributes session keys to controllers in unicast mode. Therefore, we calculated the computation cost of each scheme. Assume that , , ×, and ⊕ denote the computation time of a hash, an HMAC, a multiplication, a modulo operation and an XOR operation, respectively. The results are shown in Table I. HMAC computation time approximately equals hash computation time, and multiplication and modulo operations take longer than an XOR operation. Hence, the computation cost of SD-SCM is lower than that of BlueJay, and SD-SCM is more efficient.

TABLE I. COMPUTATION COST
Columns: Secure mechanism; Computation cost (encryption); Computation cost (verification). Rows: BlueJay in [10]; SD-SCM.
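The unicast session-key exchange of SD-SCM (Section III.C, Steps 2 to 5) and its key renewal, worked through as an added example that is not the paper's code. Because the paper's exact equations are not recoverable here, the instantiation is assumed: H is SHA-256, HMAC is HMAC-SHA-256, the additional value is H(ID || r), the new session key is H(k_{i-1} XOR delta), and the verification value is HMAC keyed with k_{i-1} over ID || delta; passing an empty ID gives the multicast variant of Section III.C.2, where no ID is required.

```python
"""Added illustration of the SD-SCM session-key exchange; not the paper's code.
Assumed instantiation (the paper's exact equations are not recoverable here):
H = SHA-256, HMAC = HMAC-SHA-256, RNG = 128-bit secure random value r,
delta = H(ID || r), k_i = H(k_{i-1} XOR delta), V = HMAC_{k_{i-1}}(ID || delta)."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

KEY_LEN = 32      # bytes: SHA-256 digest size, so every session key is 32 bytes
RNG_BITS = 128    # b for the "secure b-bit random number"; b is an assumption here


def H(data: bytes) -> bytes:
    """Hash function H(.) (assumed SHA-256)."""
    return hashlib.sha256(data).digest()


def HMAC(key: bytes, data: bytes) -> bytes:
    """Keyed-hash message authentication HMAC_k(.) (assumed HMAC-SHA-256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def RNG(bits: int = RNG_BITS) -> bytes:
    """Secure b-bit random number."""
    return secrets.token_bytes(bits // 8)


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def sender_generate(peer_id: bytes, k_prev: bytes,
                    r: Optional[bytes] = None) -> Tuple[Tuple[bytes, bytes], bytes]:
    """Steps 2 and 3 at the key distributor (S in unicast, C in multicast).
    Returns the message {delta, V} to transmit and the new session key k_i,
    which is never sent on the wire.  peer_id = b"" gives the multicast variant."""
    r = RNG() if r is None else r
    delta = H(peer_id + r)                  # additional value from ID and random r
    k_new = H(xor(k_prev, delta))           # k_i from the last session key and delta
    v = HMAC(k_prev, peer_id + delta)       # verification value keyed by k_{i-1}
    return (delta, v), k_new


def receiver_derive(peer_id: bytes, k_prev: bytes,
                    msg: Tuple[bytes, bytes]) -> Optional[bytes]:
    """Steps 4 and 5 at the receiver (C in unicast, each vehicle in multicast).
    Recomputes V' from its own ID, k_{i-1} and delta; only a peer holding the
    right ID and the last session key obtains k_i.  Returns None (message
    discarded) when V' != V, i.e. delta was altered or the sender lacks k_{i-1}."""
    delta, v = msg
    v_prime = HMAC(k_prev, peer_id + delta)
    if not hmac.compare_digest(v_prime, v):  # constant-time comparison
        return None
    return H(xor(k_prev, delta))


def renew_keys(peer_id: bytes, k0: bytes, rounds: int) -> bool:
    """Key renew scheme: run `rounds` consecutive sessions from the shared
    initial key k0.  Returns True iff both sides agree on every renewed key."""
    k_sender, k_receiver = k0, k0
    for _ in range(rounds):
        msg, k_sender = sender_generate(peer_id, k_sender)
        k_receiver = receiver_derive(peer_id, k_receiver, msg)
        if k_receiver != k_sender:
            return False
    return True


def tampered(msg: Tuple[bytes, bytes]) -> Tuple[bytes, bytes]:
    """Constructed in-transit modification: flip one bit of delta, keep V."""
    delta, v = msg
    return bytes([delta[0] ^ 0x01]) + delta[1:], v


if __name__ == "__main__":
    k0 = H(b"constructed shared initial key")   # constructed sample value
    cid = b"SDN-controller-01"                    # constructed controller ID
    msg, k_s = sender_generate(cid, k0)
    print("controller derives same key:", receiver_derive(cid, k0, msg) == k_s)
    print("tampered delta rejected:", receiver_derive(cid, k0, tampered(msg)) is None)
    print("five renewals agree:", renew_keys(cid, k0, 5))
```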
V. CONCLUSION
In this paper, SDN was introduced into V2G to realize communications with higher flexibility and expandability. Building on the basic knowledge of modeling V2G with IEC 61850 and of a software-defined network framework based on IEC 61850, a novel communication model, SD-V2G, was proposed for V2G. Moreover, a novel security communication mechanism, SD-SCM, was proposed to enhance the security of SD-V2G. According to the characteristics of SD-V2G, we adopted a distributed and hierarchical approach to securing communications in SD-V2G: in SD-SCM, the grid dispatching center server distributes session keys in unicast mode and the controllers distribute session keys in multicast mode. We then ran simulations to evaluate the performance of SD-V2G. The results demonstrate that SD-V2G can solve the problems of traffic control and network load capability. Moreover, the analysis of SD-SCM shows its advantages in security in terms of confidentiality, integrity, non-repudiation and authentication, and its complexity is lower than that of the related scheme. The proposed security mechanism is significant and applicable for V2G.
ACKNOWLEDGMENT

This work is supported by the National Natural Science Foundation of China (Grant No. 61401273 and 61431008).

REFERENCES

[1] Uwakwe Christian Chukwu and Satish M. Mahajan, "Real-Time Management of Power Systems With V2G Facility for Smart-Grid Applications," IEEE Trans. Sustainable Energy, vol. 5, pp. 558-566, 2014.
[2] T. S. Ustun, C. R. Ozansoy and A. Zayegh, "Implementing Vehicle-to-Grid (V2G) Technology With IEC 61850-7-420," IEEE Trans. Smart Grid, vol. 4, pp. 1180-1187, 2013.
[3] W. Xia, Y. Wen, C. H. Foh and D. Niyato, "A Survey on Software-Defined Networking," IEEE Communications Surveys & Tutorials, vol. 17, pp. 27-51, 2014.
[4] S. Shirali-Shahreza and Y. Ganjali, "Efficient Implementation of Security Applications in OpenFlow Controller with FleXam," in 21st IEEE Annual Symposium on High-Performance Interconnects, pp. 49-54, 2013.
[5] S. Scott-Hayward, G. O'Callaghan and S. Sezer, "SDN security: A survey," in Proc. Future Networks and Services (SDN4FNS), IEEE SDN, pp. 1-7, 2013.
[6] R. Braga, E. Mota, and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," in Local Computer Networks (LCN), IEEE, pp. 408-415, 2010.
[7] A. Abdallah and X. Shen, "A lightweight lattice-based security and privacy-preserving scheme for smart grid," in Proc. IEEE Globecom'14, pp. 668-674, 2014.
[8] H. Guo, Y. Wu and M. Ma, "UBAPV2G: A unique batch authentication protocol for vehicle-to-grid communications," IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 707-714, 2011.
[9] H. Tseng, "On the security of a unique batch authentication protocol for vehicle-to-grid communications," in Proc. ITST, pp. 280-283, 2012.
[10] A. Abdallah and X. Shen, "Lightweight Security and Privacy-Preserving Scheme for V2G Connection," in Proc. IEEE Global Communications Conference (GLOBECOM), pp. 1-7, 2015.
[11] D. D. Giustina et al., "Smart Grid Automation Based on IEC 61850: An Experimental Characterization," IEEE Trans. Instrumentation and Measurement, vol. 4, pp. 2055-2063, 2015.
[12] Jianchao Zhang et al., "Opportunities for Software-Defined Networking in Smart Grid," in Information, Communications and Signal Processing (ICICS), pp. 1-5, 2013.
[13] K. Yu et al., "A Key Management Scheme for Secure Communications of Information Centric Advanced Metering Infrastructure in Smart Grid," IEEE Trans. Instrumentation and Measurement, pp. 2072-2085, 2015.
[14] A. B. Pedersen et al., "Facilitating a Generic Communication Interface to Distributed Energy Resources: Mapping IEC 61850 to RESTful Services," in Smart Grid Communications, pp. 61-66, 2010.
[15] P. Saint-Andre, "Extensible Messaging and Presence Protocol (XMPP): Core," IETF proposed standard, RFC 3920, 2004.
[16] X. Lu, W. Lei and W. Zhang, "The Design and Implementation of XMPP-Based SMS Gateway," in Computational Intelligence, Communication Systems and Networks (CICSyN), pp. 145-148, 2012.
[17] Smart Grid / Smart Market Communication based on IEC 61850-8-2 and XMPP, Smart Grid FORUM, Hannover Fair [Online]. Available: http://www.nettedautomation.com/standardization/IEC_TC57/wg17/HMI2015_SmartGridForum_Dawidczak_for_Blog_KHS.pdf, 2015.
[18] Müge Erel et al., "Scalability analysis and flow admission control in mininet-based SDN environment," in Proc. Network Function Virtualization and Software Defined Network (NFV-SDN), IEEE Conference, pp. 18-19, 2015.
[19] Laura Victoria Morales, Andres Felipe Murillo and Sandra Julieta Rueda, "Extending the Floodlight Controller," in Proc. Network Computing and Applications (NCA), IEEE 14th International Symposium, pp. 126-133, 2015.