
education.curent.utk.edu


Vulnerability Assessment of Phasor Networks

Terryl Dodson, Madeline Phillips – L&N STEM Academy

Xiangyu Niu

Abstract – Phasor networks transmit vital information about the energy grid, and consist of data-collecting PMUs, or phasor measurement units, that transfer the information to data-consolidating PDCs, or phasor data concentrators. We conducted experiments that prove how vulnerable the network is to attack. This vulnerability is an issue because the network’s data can be captured and manipulated to conceal energy grid disturbances; the best solution to this issue would be to encrypt the phasor networks.


I. INTRODUCTION

Phasor networks are the data transmission method widely used across North America’s energy grid. These networks carry crucial information regarding the energy grid’s operation: the status of the electrical waves, referenced to a universal time source. This common timekeeper allows a standard to be applied to electrical waves from all across the country. By monitoring the electrical waves on the grid, supervisors can tell if there’s a power disturbance or outage anywhere, and take action to rectify the issue. Additionally, researchers use the data from the phasor networks to make the grid more efficient.

Phasor measurement units, or PMUs, are located all across the energy grid. These are the devices that collect the electrical wave information and transmit it back to phasor data concentrators, or PDCs. Many PMUs connect to one PDC, creating a phasor network. Unfortunately, the transmissions within phasor networks are entirely unsecured, leaving all the information vulnerable to interception and manipulation. This is an issue because attackers can easily penetrate the network and alter the data being sent to the PDCs. With this ability, they could inflict a variety of damage: anything from concealing a power grid failure to changing the results of a researcher’s experiment.

II. LITERATURE REVIEW

We were provided with access to a Lynda.com account that we used to learn both Python 3 and networking basics, such as the OSI and TCP/IP models. We also used Google and YouTube to gain a fuller understanding of networking, with a focus on phasor networks. We downloaded LiClipse, an IDE for Python 3, to practice programming. After learning about RSA encryption, we wrote a program that would encrypt and decrypt a user’s message using RSA (Figure 1).

Throughout the entire project, we became familiar with Kali Linux and programs designed for it, such as Wireshark and Scapy. We were also required to become comfortable with the operation of the Linux terminal, an understanding that is necessary for many basic functions in the operating system. Overall, the project gave us a better understanding of the ways computers communicate with one another, and a higher comfort level with the jargon relating to this communication.

III. METHOD

To start, we installed a PDC simulator on one computer and a PMU simulator on a second one (the simulator we used: ipdc.codeplex.com). Then, we configured them so that the PMU would send data to the PDC, and the PDC could control the PMU, just like a real-world phasor network (see Figure 2).

RSA Encryption/Decryption (Figure 1)

PMU simulator sending data to PDC simulator (Figure 2)


Next, we configured Wireshark to only capture the transmission between the IP addresses of the two computers, and we began the capture process. We instructed the PDC simulator to both start and stop the data stream from the PMU. We were able to successfully intercept the transmission. Afterward, we exported the PDC’s captured command signals to a *.pcap file.

Next, we opened Scapy in the terminal and attempted to use it to re-send the command signals to the PMU in order to disable it without a command from the PDC (see Figure 3).

Sending command packets using Scapy (Figure 3)

Although we were able to successfully send the command packet, the PMU would not accept or respond to it because the validation information had not been updated.

IV. RESULTS

Using Wireshark, we were able to capture the transmission from the PMU to the PDC (Figure 4). This included the command signals and simulated electrical grid data. We were also able to determine the IP/MAC address pairs for all the devices on the network.

Although we were also able to use Scapy to send the captured command packets to the PMU, doing so did not disable the PMU as intended, because we had not fixed the timestamp or re-calculated the checksums, both necessary for the commands to pass the verification steps.

V. DISCUSSION

As evidenced by our ability to capture the phasor network commands, the network’s unsecured attributes could pose a danger to the energy grid. First and foremost, attackers could intercept and manipulate the PMU’s data to conceal a disturbance in the grid. On one hand, too much energy could be routed to one section of the grid and attackers could falsify data to mask the transformer overload. The resultant transformer explosions could result in millions of dollars of damage and only a ghost on which to pin the blame. On the other hand, an accident or natural disaster could disable electricity flow in a section of the grid, and similarly the data could be altered to look stable. In this case, customers could face an extended power outage without the knowledge of the power supplier, and the company’s reliability ratings might decrease. In either scenario, the functionality of the energy grid is interrupted with monetary and social consequences. Perhaps less damaging, but still concerning, instead of manipulating data streaming from a PMU, an attacker could simply halt the operation of the PMU using the captured control packets. Although such an attack would not be as insidious, because supervisors would recognize a problem after noticing that the data transmission had halted, it would still prove to be an inconvenience in its disruption of the grid’s data flow.

Data captured by Wireshark (Figure 4)

Second, an attacker could wreak major havoc in the results of a scientist or researcher who is using data from the energy grid for any purpose: for example, a researcher studying ways to make the grid more efficient by analyzing electrical waves. If there were a spike in the energy grid and an attacker used their control over the surrounding PMUs to conceal the ripple effect across the grid, the researcher could draw mistaken conclusions regarding the significance and impact of energy spikes. In effect, the final product of the research could contain flaws that would make it an unviable candidate for real-world implementation.

The best solution to this issue would be to encrypt the phasor networks. Though it is impossible to stop attackers from being able to intercept data within the phasor network, encryption could make it unusable and immutable to them. One common and efficient method of encryption is the RSA cryptosystem. By using RSA, the data, control commands, and IP/MAC address pairs on the network would be converted into indecipherable numeric strings. Without the decryption formula, an attacker would be helpless to understand the intercepted data, much less abuse it. RSA’s complex encryption/decryption formula generation process and its being tailored specifically to securing data transmissions make it the ideal fit for securing the currently vulnerable phasor networks.
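The re-sent commands in the experiment were rejected only because their timestamp and checksum were out of date. As an added example (not code from the paper), the sketch below shows a receiver that rejects captured-and-resent or altered commands by checking a keyed tag, a freshness window and a record of frames already accepted. It uses shared-key HMAC-SHA256 rather than the RSA encryption the paper proposes, and the frame layout, key, window size and function names are hypothetical.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 2.0     # assumed policy: seconds a command may differ from receiver time

def seal(key, device_id, ts_us, command):
    """Sender: hypothetical frame = device id (2) | time in us (8) | command (2) | tag (32)."""
    body = struct.pack(">HQH", device_id, ts_us, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class CommandReceiver:
    """Receiver: accept a command only if it is authentic, fresh and not seen before."""
    def __init__(self, key, device_id):
        self.key, self.device_id = key, device_id
        self.seen = set()   # timestamps of accepted frames still inside the window

    def check(self, frame, now):
        body, tag = frame[:12], frame[12:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a frame of the wrong length also fails here.
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        dev, ts_us, command = struct.unpack(">HQH", body)
        if dev != self.device_id:
            return "reject: wrong device"
        if abs(now - ts_us / 1e6) > MAX_SKEW:
            return "reject: stale"
        if ts_us in self.seen:
            return "reject: replay"
        # Drop entries that have aged out of the window, then remember this frame.
        self.seen = {t for t in self.seen if abs(now - t / 1e6) <= MAX_SKEW}
        self.seen.add(ts_us)
        return f"accept: command {command}"

def demo():
    key = b"constructed-demo-key-not-for-use"    # constructed sample key
    rx = CommandReceiver(key, device_id=7)
    t0 = 1_700_000_000.0                         # constructed sample time
    frame = seal(key, 7, int(t0 * 1e6), command=1)
    altered = frame[:11] + b"\x02" + frame[12:]  # command field changed in transit
    return [
        rx.check(frame, now=t0 + 0.1),    # genuine command
        rx.check(frame, now=t0 + 0.5),    # captured copy resent inside the window
        rx.check(frame, now=t0 + 60.0),   # captured copy resent a minute later
        rx.check(altered, now=t0 + 0.2),  # altered frame carrying the original tag
    ]

if __name__ == "__main__":
    print(demo())
```

The tag depends on a key the eavesdropper does not hold, so unlike a plain checksum it cannot be brought up to date from captured traffic alone.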

VI. CONCLUSION

At the start of this project, we intended to accomplish several objectives: first to intercept the data transmission from the PMU to PDC, second to disable the PMU using the captured control commands, and third to alter the intercepted data before sending it on to the PDC. However, as we delved deeper into our research and began to understand the operations of the systems better, we realized that the scope of our intended project was much larger than the time we had to work with. Thus, we shortened the objective of our project to simply capturing the data transmission, disabling the PMU, and suggesting methods to secure the network. Although disabling the PMU turned out to be too advanced for us due to our programming skills being too weak to recalculate checksums, we were able to accomplish the other two objectives.

VII. ACKNOWLEDGEMENTS

Thank you to our amazing mentor Xiangyu Niu who devoted so much of his time to help us understand our project.

This work was supported in part by the Engineering Research Center Program of the National Science Foundation and the Department of Energy under NSF Award Number EEC-1041877 and the CURENT Industry Partnership Program.
