Publications

Abstract not provided.

Abstract not provided.

We present our research findings on the novel NDN protocol. In this work, we defined key attack scenarios for possible exploitation and detail software security testing procedures to evaluate the security of the NDN software. This work was done in the context of distributed energy resources (DER). The software security testing included an execution of unit tests and static code analyses to better understand the software rigor and the security that has been implemented. The results from the penetration testing are presented. Recommendations are discussed to provide additional defense for secure end-to-end NDN communications.

This document will detail a field demonstration test procedure for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation procedure for field demonstration of the device; this includes primarily functional testing and implementation testing at Public Service Company of New Mexico's (PNM's) Prosperity solar site environment. Specifically, the Module OT devices will be integrated into the Prosperity solar site system; traffic will be encrypted between several points of interest at the site (e.g., inverter micrologger and switch). The tests described in this document will be performed to assess the impact and effectiveness of the encryption capabilities provided by the Module OT device.

As the power grid incorporates increasing amounts of distributed energy resources (DER) that provide new generation sources, new opportunities are created for improving operation of the grid while large challenges also arise for preserving grid reliability and security. To improve grid performance, DERs can be utilized to provide important support functionality, such as supporting frequency and voltage levels, especially if they are assisted by communication schemes as part of an advanced distribution management system (ADMS). Unfortunately, such connectivity and grid support functionality also creates additional cyber security risk with the potential for degradation of grid services, especially under conditions with high amounts of distributed generation. This paper will first discuss the communications needed by DERs to support system and interoperability objectives, as well as the security requirements and impact of securing these communications. Some common security mechanisms are discussed in relation to DERs, and a simulated 15-bus model of a distribution feeder is used to demonstrate aspects of the DER communications and impact to grid performance. These results help to advance understanding of the benefits, requirements, and mechanisms for securely implementing DER communications while ensuring that grid reliability is maintained.

This document will detail a test procedure, involving bench and emulation testing, for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation protocol for the module for lab-level testing; this includes checklists and experiments for information gathering, functional testing, cryptographic implementation, public key infrastructure, key exchange/authentication, encryption, and implementation testing in the emulation environment.

Abstract not provided.

In this study we review literature on machine to machine (M2M) authentication and encryption pertaining to communication with grid-attached power inverters. We regard security recommendations from NIST, constrained device recommendations from CoAP, as well as influences from the existing markets. We will not focus on passwordless or multifactor schemes of user authentication, the handover/roaming authentication of mobile systems, or the group authentication of WiMAX/LTE communications. The de-facto standards for authentication and encryption are certificate-based public key cryptography and AES, respectively. While certificate-based public key cryptography is widely adopted, certificate management is seen as an Achilles heel of public key infrastructure (PKI). State of the art authentication system research includes work on certificateless authentication; however, much work in the areas of privacy preservation, efficient or lightweight systems continue to be based in public key methods. We will see efforts such as bilinear pairing, aggregate message authentication codes, one-time signatures, and Merkle trees surface and resurface with improved authentication approaches. Though research continues to produce new encryption schemes, AES prevails as a viable choice, as it can be implemented across a variety of resource constrained devices. Other lightweight encryption algorithms often employ the same fundamental addition-rotation-xor operations as AES while achieving higher efficiency, but at steep tradeoffs to security. Despite mathematical proofs of the security of cryptographic algorithms, in practice the greatest weaknesses continue to be incurred during implementation. Security researchers will find edge cases and bugs that allow unintentional behavior. In the following sections, accepted methodologies of authentication and encryption are discussed. Due diligence for securing M2M communications requires consideration during planning, design, implementation and product lifetime, as opposed to a set-it and forget-it policy. Best practices can be gleaned from published successes and failures, with no single end-all, be-all detailed solution.

Abstract not provided.

Penetration of distributed energy resources (DERs) is rapidly increasing in the bulk power system (BPS); they are growing to be a significant portion of generation. As such, grid-support capabilities are being developed and implemented. However, as their presence increases, the impact of DERs on the BPS also increases. Therefore, if a disturbance occurs in the DER system, its effects could propagate throughout the BPS. These disturbances could range from equipment malfunctions to resource variability to cyber attacks.

Penetration of distributed energy resources (DERs) is rapidly increasing in the bulk power system (BPS); they are growing to be a significant portion of generation. As such, grid-support capabilities are being developed and implemented; IEEE Std. 1547 mandates new interconnection and interoperability standards to achieve these capabilities and allow remote users to change behaviors to many devices. However, as their presence increases, the impact of DERs on the BPS also increases. Therefore, if a disturbance occurs in the DER system, its effects could propagate throughout the BPS. These disturbances could range from equipment malfunctions to resource variability to cyber attacks. This document will discuss general requirements needed for developing a distributed cryptography module for implementation in DER systems. First, we will examine the composition of DER systems in Section 2. Procedures to identify critical assets and the security of DERs is discussed in Section 3. Section 4 introduces cryptography concepts and Section 5 discusses implementation needs and options. Finally, practical considerations are provided in Section 6 and conclusions are provided in Section 7.

Abstract not provided.

Abstract not provided.