Event-Oriented Dynamic Security Service for Demand Response in Smart Grid Employing Mobile Networks
Authors: GUO Longhua, DONG Mianxiong, OTA Kaoru, WU Jun, LI Jianhua
Journal or publication title: China Communications
Volume 12, number 12, page range 63-75, year 2015-12
URL: http://hdl.handle.net/10258/3840
doi: info:doi/10.1109/CC.2015.7385529



Event-Oriented Dynamic Security Service for Demand Response in Smart Grid employing Mobile Networks

Guo Longhua1, Dong Mianxiong*2, Kaoru Ota2, Wu Jun1, Li Jianhua1

1 School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
2 Department of Information and Electronic Engineering, Muroran Institute of Technology, Japan

Abstract: With millions of sensors and smart meters deployed in the smart grid, a reliable and resilient wireless communication technology is badly needed. Mobile networks are among the major energy communication networks whose contribution to global energy consumption is increasing rapidly. As one of the core technologies of smart grid employing mobile networks, Demand Response (DR) helps improve efficiency, reliability and security for electric power grid infrastructure. Security of DR events is one of the most important issues in DR. However, the security requirements of different DR events are dynamic because actual demands vary. To address this, an event-oriented dynamic security service mechanism is proposed for DR. Three kinds of security services, namely security access service, security communication service and security analysis service for DR events, are composited dynamically from fine-grained sub services. An experiment prototype of the network of State Grid Corporation of China (SGCC) is established. Experiments and evaluations show the feasibility and effectiveness of the proposed scheme in smart grid employing mobile networks.

Key words: mobile network, event-oriented, security service, Demand Response (DR), publish/subscribe (pub/sub)

I. INTRODUCTION

With the development of automated control and modern communications technologies, the smart grid brings improved efficiency, reliability and safety for electric power grid infrastructure [1-3]. As a distributed architecture, smart grid controls a large number of distributed energy devices including sensors and smart meters through the communication network. The employment of mobile networks provides global and flexible communication with reliability and resiliency [4-6]. As one of the core technologies of smart grid employing mobile networks, Demand Response (DR) can assist users in optimizing power use and help reduce peak demand [7-8]. Smart grids employing mobile networks are able to buy electricity from different power generators according to energy market information and optimize their BS operation to minimize their operating expenses. Using DR, power systems contribute to CO2 emission reduction by reducing the rating of the generators required to provide peak demand and spinning reserve [9-10].

As a distributed architecture, DR controls a large number of distributed energy resources through the mobile communication network. Mobile network communication technology is utilized for gathering, assembling and synthesizing data provided by various related hardware and software. The messages transferred using the mobile network contain power network run data, device state data, measurement data, control data and so on, which set a significant foundation for DR. However, the increased use of smart devices and commercial software renders DR communication employing mobile networks vulnerable to diverse cyber-attacks. A security service for communication in DR is badly needed to fight against the increased cyber-attacks which impact the performance of DR [11]. Assuming that the DR controller controls the electrical end devices through control commands, the security of communication affects both the normal running and the effectiveness of DR performance. Meanwhile, DR programs typically have limits on the number and timing of events that may be triggered for a selected group of customers [12]. A lot of existing works focused on DR events [13-15]. In addition, the consumers and security requirements of different DR programs vary according to the actual demand. Thus static security services cannot deal with the dynamic service requirements of DR. When the service is requested, it is very important to composite the security services dynamically according to the security requirements of the DR event.

In the area of smart grid, many researchers have worked on solving the security problems. The works in [5, 16] propose an Efficient Privacy Preserving Demand Response scheme with adaptive key evolution which achieves forward secrecy against privacy attacks. The work in [17] proposed a random spread spectrum based scheme to solve physical security which can achieve both fast and robust data transmission. The work in [18] identifies a variety of practical loads to protect grid devices from device attacks, which compromise devices to abruptly increase load and cause circuit overflow. The works in [19-21] concentrate on the security problems existing in the communication of smart grid. As for DR in smart grid, some existing works have focused on the design and implementation of DR communication to pursue better performance in energy efficiency [22], communication cost [18], reliability [23] and so on. However, the security service of DR has not attracted enough attention in the previous work, which cannot meet the security requirements against evolving cyber-attacks.

In this paper, an event-oriented dynamic security service for smart grid employing mobile networks is proposed to enhance the security of DR events. Three kinds of security services, namely security access service, security communication service and security analysis service for DR events, are provided to protect the system and are composited dynamically from fine-grained sub services. The composition services deliver appropriate services to electricity suppliers and users according to the actual security condition. Experiments and evaluations show the feasibility and effectiveness of the proposed scheme. The remainder of the paper is organized as follows. Section II describes the background related to this paper. Section III presents the proposed security service mechanism architecture for DR events. In section IV, the details of the proposed security service are given, followed by the implementation system in section V and the evaluation in section VI. Finally, we draw our conclusion in section VII.

II. BACKGROUND

2.1 DR program architecture employing mobile network

Fig.1: Schematic diagram of DR program

Figure 1 illustrates the schematic diagram of the DR communication employing mobile networks. The electricity customers participate in the DR program through a smart device controller which controls the electrical devices. The utility works as the DR engine and forecasts electricity load according to the network model, regulator/market and operator workstation. According to the electricity supplier, the DR engine may provide output containing the control commands for directly controllable loads, demand reduction signals for interruptible loads and/or updated electricity rates for voluntary demand reduction, depending on the program types the customers are subscribed to [24]. The DR engine works with the help of the load forecast module, which forecasts the future demand globally. The devices are connected using mobile networks for gathering, assembling and synthesizing data provided by various related hardware and software.

2.2 Security risks

With the evolution of cyber-attacks, DR faces serious security risks. The security risks of DR communication are subject to several factors, such as eavesdropping, launching security attacks and so on [25-26]. For example, malicious or pseudo nodes may acquire and analyze the electricity usage information to expose customers' habits and behaviors, which invades customers' privacy. The malicious nodes inside the DR program may be legitimate nodes who have access to the network. However, they eavesdrop passively rather than conducting active attacks. The pseudo nodes outside the DR program, which are not authorized to access the network, eavesdrop and decrypt the packets to steal useful information of the program. When launching security attacks, malicious or pseudo nodes are actively involved in networking protocols. They may launch various attacks such as dropping, redirecting or changing the contents of packets. As a result, DR communication is confronted with security challenges which deserve security protection.

2.3 Security requirements

With the development of DR technology, communication systems with better network connectivity are demanded, which consequently leads to increasing complexity. To fight against the evolving cyber-attacks, protection is required to secure the DR communication.

The security requirements mainly focus on authentication, integrity, confidentiality, non-repudiation, access control, authorization, etc. Authentication is related to the identification of the communication participators. Integrity is concerned with protecting messages against modification or destruction. Confidentiality refers to the protection of information sent to the appropriate entity. Non-repudiation helps prevent message senders from denying the messages afterward. Access control deals with the management and allocation of the entities' permissions. Authorization ensures that only authorized nodes have access to the resource.

III. PROPOSED SECURITY SERVICE MECHANISM

In the DR program, different DR events have different security requirements. An event-oriented dynamic security service is provided to enhance the security of DR events. A comprehensive set on the basis of the DR Service Bus is utilized in the proposed mechanism as shown in Fig.2. In addition to the original Applications (APPs), Business Activity Monitoring (BAM), Rules and Tasks, the security service protects the DR event with the Service Manager and Service Composition. Security management towards DR events relies on the three major security services: Security Access service (SA), Secure Communication service (SC) and DR event analysis service (EA). The Service Manager provides centralized management of the original services and the additional security services, such as versioned, private and public service types in the DR. It includes a Service Registry and a Service Repository which enable versioning and reuse of service types, and a Service Dispatcher providing the publish/subscribe (pub/sub) communication framework.

Fig.2: Proposed security service mechanism for DR program.

The security service extends the original services with the capability to enhance the DR program from the DR event to information communication. The three major security services that protect the system are built from fine-grained sub services under the dispatch of the service manager, service composition and service selection, as shown in Fig.3. Considering the security requirements of the proposed mechanism, the Security Access service towards the demand side probes the security related data from the electricity supplier. An access control method is utilized to allocate permissions based on the probed data. The communication between the utility and the smart device controller is transferred based on the pub/sub pattern using an encryption algorithm. The mechanism requires mutual authentication and generates a group of keys acknowledged by both sides of the communication. A username/password token with the help of a dynamic password provides a more secure authentication. In addition, the DR event analysis service towards the response side is concerned with the truthfulness of the decrypted DR event information. A rough set theory based SVM algorithm is utilized to identify the truthfulness of the DR event. The electricity loads will run according to the analysis result in case malicious or pseudo nodes disarrange the DR program.

Fig.3: Basic idea of proposed security service.

IV. DESIGN OF PROPOSED SECURITY

4.1 Security Access service

With the development of information technology equipment in DR, DR faces increasing vulnerability risks. In the proposed mechanism, the Security Access service allocates and manages permissions for creating DR events according to the security condition. As shown in Fig.4, a security assessment service is integrated into the RBAC service to control access efficiently. As a secure access control mechanism, RBAC has been widely applied because its concept of "role" makes it convenient to allocate and manage permissions. The Security Assessment service calculates the threat value, which provides the basis for mapping the electricity supplier to the executable role.

Fig.4: Proposed DR Security Access Service.

In order to assess the security of the electricity supplier, security detection is launched to detect the suspicious actions which may cause cyber-attacks on the DR project. Suspicious actions in process operation, file operation, registry operation, network operation and vulnerability exploitation are taken into consideration to calculate the threat value. Vulnerabilities of the service, and the weights and ages of the vulnerabilities, are taken into consideration when measuring the risk level of a threat. Equations (1)-(4) follow the DRAFT CVSS v2.10 Equations [27] defined in the National Vulnerability Database organized by the National Institute of Standards and Technology (NIST). As shown in Equation (1), the threat value V of each suspicious action is related to the Impact metric I and the Exploitability metric E.

$$V = 0.1 \times (0.6 \times I + 0.4 \times E - 1.5) \times f(I) \tag{1}$$

The impact metric I is decided by the following three elements: Confidentiality Impact CI, Integrity Impact II and Availability Impact AI. The exploitability metric can be calculated using three elements: Access Vector AV, Access Complexity AC and Authentication A.

$$I = 10.41 \times \bigl(1 - (1 - CI)(1 - II)(1 - AI)\bigr) \tag{2}$$

$$E = 20 \times AC \times A \times AV \tag{3}$$

What's more, f(I) equals 0 if I is 0; otherwise, f(I) equals 1.176.

$$f(I) = \begin{cases} 0, & I = 0 \\ 1.176, & \text{otherwise} \end{cases} \tag{4}$$

A combination of V for all n suspicious actions existing in the electricity supplier es is defined in Equation (5) [28]. S(es) calculates the vulnerability threats for all suspicious actions a_i existing in es.

$$S(es) = \ln\!\left(\frac{1}{n}\sum_{i=1}^{n}\exp\bigl(V(a_i)\bigr)\right) \tag{5}$$

Based on the threat value calculated in Equation (5), an executable role is assigned to the electricity supplier. Assignment between electricity suppliers and roles is a many-to-one relationship. Permissions are divided into two dimensions: data permission and functional permission. A permission indicates the authorization to execute an operation in the protected system and data resource. An operation means one of the various commands executed on the data resource, such as reading, writing, adding, deleting and so on. A session is a dynamic concept: it is established when the electricity supplier activates some or all of the granted roles. A separation-of-duty constraint is used to control assignment operations and avoid conflicts.

4.2 Security Communication service

As a distributed architecture, the DR system controls a large number of distributed energy resources through the mobile communication network. DR events are transferred under the protection of the security communication service. The communication service based on the pub/sub service is shown in Fig.5.

The pub/sub pattern is used in the communication to acquire greater network scalability and a more dynamic network topology. In the security association, the mutual authentication service towards the demand side and the response side is designed based on username/password with the addition of a dynamic password. The purpose of the key distribution service is to initialize communication and update the secret keys distributed to the participators. The content is encrypted with the secret key and exchanged in the form of ciphertext until release. The subscribers who are members of the targeted role can decrypt the ciphertext with the private key and acquire the content. Electricity suppliers and electricity users serve as publishers or subscribers respectively.

Fig.5: Proposed security communication service

Fig.6: Proposed security communication protocol

The secure communication protocol is shown in Fig.6. The symbols used in the protocol are explained in Table I. In the security association, chg is a challenge number that is created randomly. Chg is created and distributed to the DR participators. The new password is calculated by applying a hash function to a combination of the original password and chg. In order to make the information communication secure over the public Internet, the creation time T of the message is added to resist replay attacks. The publisher computes the digital digest of the request parameters together with the creation time using a hash based message authentication code (HMAC). The original message M together with T and HMAC(M) is sent to the subscribers. Subscribers derive M as well as T, compute HMAC(M)' using the HMAC algorithm, and verify HMAC(M) against HMAC(M)'.

In the secure communication, a group-wise key distribution service based on KCT (Key-Chain Tree) with self-healing ability is adopted [29-30]. The initialization phase, broadcast phase and key recovery phase are the three major parts that realize the basic function of the scheme. When participators' roles are changed after the DR Security Access Service, the key updating phase is carried out. The self-healing phase works in case broadcast packets are lost on the way to some participators.

In the initialization phase, the maximum number of participators is denoted by N. The group manager constructs a KCT and N-1 two-way hash chains. Under the assumption that there are s logical participators in the network at initialization, the group manager puts all s participators in the first s leaves of the tree. The participators from leaf to root are associated with logN two-way hash chains. The keys in the associated two-way hash chains are treated as the participators' private keys and sent to them by the group manager. The remaining N-s leaves are distributed to the initiate members in the future. In the broadcast phase, session keys need to be updated. Logical participators calculate the encryption key from their existing private key through the hash function. The group manager finds the encryption keys from the N-1 two-way hash chains. The broadcast packet is constructed in consideration of revoked and illegal participators. In the key recovery phase, the participators acquire the location of the encryption session key in the KCT and get the encryption key through the hash chain. The key is recovered after decryption.

When a participator changes group, it is treated as an initiate member of the new role group. The group manager puts it in the position of the first remaining leaf and distributes the corresponding private key. A new round of sessions starts with the group manager's reselection of the session key and the encryption session key. In case broadcast packets are lost on the way to some participators, the self-healing phase can recover the session key according to the preceding and following broadcast packets. The participator can acquire the position of the encryption session key in the KCT and the encryption key. Combined with the preceding and following broadcast packets, the session key can be recovered.
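The security association and message check described at the start of this section can be exercised as follows. This is an added example, not code from the paper: SHA-256, the 30-second freshness window, the length-prefixed framing, the tag cache and the JSON message layout are assumptions, and the encryption and KCT key distribution steps are left out.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE = 30  # seconds a packet stays acceptable (assumed freshness window)


def dynamic_password(password: bytes, chg: bytes) -> bytes:
    """New password = hash(original password combined with challenge chg)."""
    return hashlib.sha256(password + chg).digest()


def mac_tag(key: bytes, body: bytes, t: int) -> str:
    """HMAC over the message and its creation time T.

    The body is length-prefixed so that (M, T) pairs cannot collide.
    """
    framed = len(body).to_bytes(4, "big") + body + t.to_bytes(8, "big")
    return hmac.new(key, framed, hashlib.sha256).hexdigest()


def publish(key: bytes, message: dict, now: int) -> dict:
    """Publisher side: send M together with T and HMAC(M)."""
    body = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    return {"M": body.decode(), "T": now, "HMAC": mac_tag(key, body, now)}


class Subscriber:
    """Subscriber side: recompute HMAC(M)' and compare, then check replay."""

    def __init__(self, key: bytes):
        self.key = key
        self.accepted = {}  # tag -> T of packets accepted inside the window

    def verify(self, packet: dict, now: int) -> str:
        t = packet["T"]
        if not isinstance(t, int) or t < 0 or abs(now - t) > MAX_AGE:
            return "stale"
        expected = mac_tag(self.key, packet["M"].encode(), t)
        # Constant-time comparison of HMAC(M) and HMAC(M)'.
        if not hmac.compare_digest(expected, packet["HMAC"]):
            return "bad-mac"
        # Forget tags whose timestamp has left the window; a replay of those
        # is already rejected as stale.
        self.accepted = {k: v for k, v in self.accepted.items()
                         if now - v <= MAX_AGE}
        if packet["HMAC"] in self.accepted:
            return "replay"
        self.accepted[packet["HMAC"]] = t
        return "ok"


def demo():
    """Constructed exchange: one DR event, then a replay and a tampered copy."""
    chg = secrets.token_bytes(16)            # random challenge
    key = dynamic_password(b"constructed-password", chg)
    sub = Subscriber(key)
    pkt = publish(key, {"event": "load-reduction", "level": 2}, now=1000)
    tampered = dict(pkt, M=pkt["M"].replace("2", "9"))
    return [sub.verify(pkt, now=1005),        # ok
            sub.verify(pkt, now=1006),        # replay
            sub.verify(tampered, now=1006),   # bad-mac
            sub.verify(pkt, now=1000 + MAX_AGE + 1)]  # stale


if __name__ == "__main__":
    print(demo())
```
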

4.3 Security Analysis service for DR event

In the DR program, a DR event entity contains a series of related DR information. An examination of the decrypted DR event is necessary in the security service. In the proposed scheme, a rough set theory based SVM service is utilized to identify the truthfulness of the DR event.

In a DR event, there is detailed information to describe the DR program. Utility Program describes the information about the DR program, including name, time, participant, executing level and so on, which describe how to manage and execute the program from the point of view of the electricity company and the user. Event Info Type, a part of Utility Program, describes the information type in detail, such as real-time electricity price, load reduction or transfer and so on. Participant Account describes all the information related to the participant. The attributes include participant name, qualification certificate, reference group and participant program.

One of the most important and typical pieces of information for electricity users is the changed electricity load. The amount of changed load power is related to the DR event, such as time, executing level, real-time electricity price and so on. The proposed scheme calculates the linear correlation coefficient to measure the degree of correlation and select the appropriate data. The calculation is shown in Equation (6).

$$C = \frac{\sum_{i=1}^{N}(P_i - \bar{P})(X_i - \bar{X})}{\sqrt{\sum_{i=1}^{N}(P_i - \bar{P})^2 \sum_{i=1}^{N}(X_i - \bar{X})^2}} \tag{6}$$

where C denotes the correlation coefficient, and $P_i$ and $X_i$ denote the power and the feature X of the i-th DR event respectively. $\bar{P}$ and $\bar{X}$ denote the averages over the N DR events. The training data is selected according to the correlation coefficient. The higher numbers indicate improved performance.

Avoiding the traditional process from induction to deduction, SVM realizes transductive inference from the training examples to the prediction examples efficiently, which greatly simplifies general classification and regression. Extracting features from the training examples is the first step. Without deriving weights of networks from the training data, the security analysis service captures the geometric characteristics of the feature space. What's more, it is capable of extracting the optimal solution from a small amount of training data. According to the calculation of the correlation coefficient, several suitable dimensions of data are chosen. The hyperplane represents the division boundary with which we can classify the DR events according to these chosen attributes [31]. The hyperplane can be defined as follows:

$$F(x) = W \cdot X + b \tag{7}$$

where W denotes the weight vector, $W = \{w_1, w_2, \ldots, w_m\}$, and b is the bias scalar. The training data is a set of m-dimensional data defined as follows: $X = (x_1, x_2, \ldots, x_m)$, where $x_1, x_2, \ldots, x_m$ represent the actual values of the m attributes. b can be treated as an extra weight $w_0$.

The hyperplane can be rewritten as follows:

$$F(x) = w_0 + \sum_{i=1}^{m} w_i x_i \tag{8}$$

A convex quadratic optimization algorithm is adopted to search for the Maximum Marginal Hyperplane (MMH). A division boundary can be written according to the MMH as follows:

$$d(X^T) = \sum_{i=1}^{m} y_i \alpha_i X_i X^T + b_0 \tag{9}$$

where $\alpha_i$ and $b_0$ are determined in the process of optimization. To classify all the training data, the margin of separation (2/||w||) needs to be maximized. In the proposed scheme, the training data makes a difference to the training process due to overfitting. Each data point in the dataset is assigned a membership to decrease the influence of outlier noise. Besides, the deviations are summed. A data point is assigned a low membership if it is detected as an outlier. As a result, it contributes less to the total error term. Different from the equal treatment in standard SVM, the proposed scheme fuzzifies the penalty term for the purpose of reducing the sensitivity to less significant data points.

According to the classification of the rough set theory based SVM, the smart device controller distinguishes the truthfulness of the decrypted DR event. By avoiding fake DR event attacks, the DR participators can protect their systems using the rough set theory based SVM.
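The analysis path of this section, with Equation (6) choosing the attributes and a membership scaling each point's penalty, is sketched below as an added example that is not the authors' code. The centroid-distance membership rule, the 0.5 correlation threshold, the subgradient solver standing in for the convex quadratic optimizer and the event data are assumptions constructed for illustration; the rough set step is not modelled.

```python
import math


def pearson(p, x):
    """Eq. (6): linear correlation between load change P and feature X."""
    n = len(p)
    p_mean, x_mean = sum(p) / n, sum(x) / n
    num = sum((a - p_mean) * (b - x_mean) for a, b in zip(p, x))
    den = math.sqrt(sum((a - p_mean) ** 2 for a in p)
                    * sum((b - x_mean) ** 2 for b in x))
    return num / den if den else 0.0


def select_features(power, columns, threshold=0.5):
    """Keep the attributes with |C| >= threshold (threshold is assumed)."""
    return [name for name, col in columns.items()
            if abs(pearson(power, col)) >= threshold]


def memberships(X, y, delta=0.1):
    """Assumed rule: s_i = 1 - d_i / (d_max + delta), where d_i is the
    distance of point i to the centroid of its own class."""
    s = [0.0] * len(X)
    for label in set(y):
        idx = [i for i, v in enumerate(y) if v == label]
        centroid = [sum(X[i][k] for i in idx) / len(idx)
                    for k in range(len(X[0]))]
        d = {i: math.dist(X[i], centroid) for i in idx}
        d_max = max(d.values())
        for i in idx:
            s[i] = 1 - d[i] / (d_max + delta)
    return s


def train(X, y, s, C=1.0, lr=0.01, epochs=2000):
    """Minimise 0.5*||w||^2 + C * sum_i s_i * max(0, 1 - y_i * F(x_i))."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        grad_w, grad_b = list(w), 0.0
        for xi, yi, si in zip(X, y, s):
            if yi * (sum(wk * xk for wk, xk in zip(w, xi)) + b) < 1:
                for k in range(len(w)):
                    grad_w[k] -= C * si * yi * xi[k]
                grad_b -= C * si * yi
        w = [wk - lr * g for wk, g in zip(w, grad_w)]
        b -= lr * grad_b
    return w, b


def classify(w, b, x):
    """+1 = genuine DR event, -1 = fake DR event (sign of Eq. (7))."""
    return 1 if sum(wk * xk for wk, xk in zip(w, x)) + b >= 0 else -1


# Constructed, standardised events: (price, level, minute, load change P, label).
# The fifth row is deliberately mislabelled to act as outlier noise.
EVENTS = [
    (2.0, 2.0, 1, 4.1, 1), (2.5, 1.8, -1, 4.2, 1), (1.8, 2.4, 1, 4.3, 1),
    (2.2, 2.6, -1, 4.9, 1), (-1.5, -1.8, 0, -3.2, 1),
    (-2.0, -2.0, 1, -4.0, -1), (-2.4, -1.7, -1, -4.2, -1),
    (-1.9, -2.5, 1, -4.3, -1), (-2.6, -2.2, -1, -4.9, -1),
]


def build():
    power = [e[3] for e in EVENTS]
    columns = {"price": [e[0] for e in EVENTS],
               "level": [e[1] for e in EVENTS],
               "minute": [e[2] for e in EVENTS]}
    chosen = select_features(power, columns)
    X = [[columns[name][i] for name in chosen] for i in range(len(EVENTS))]
    y = [e[4] for e in EVENTS]
    s = memberships(X, y)
    w, b = train(X, y, s)
    return chosen, s, w, b


if __name__ == "__main__":
    chosen, s, w, b = build()
    print(chosen, [round(v, 3) for v in s], w, b)
```
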

4.4 Dynamic security service composition

Service composition is one of the central parts of the architecture, as shown in Fig.7. The event-oriented dynamic composite services realize and deliver appropriate services to electricity suppliers and users based on the security condition. Regardless of the hosting device, hardware and operating system, the service discovery module detects and communicates universally with each device, including network devices, electricity devices and meters. The information of each device is collected and analyzed in the additional security service [32].

Fig.7: Security requirement based service composition

Besides satisfying the demands of the system in the composition service, security attributes are also taken into consideration. The security information is applied in the process of service composition. The security information can be treated as a constraint in the search for the optimal service composition.

The security requirements of different DR programs vary according to the actual demand. The security requirement based service composition strategy helps provide different services for various security requirements. When the service is requested, the most appropriate service composition template is searched for according to the request and the security requirements. If the template cannot satisfy the request, the service composition is changed based on the template. A small change of the service composition will satisfy the different security requirements. The decrease in service searching time and matching calculation improves the algorithm efficiency. The generated template is added to the template database. The appropriate service composition will be searched for in the database if a request faces similar security requirements, which avoids repetitive execution of the service composition logic.

V. IMPLEMENTATION OF THE SECURITY SYSTEM

To bring out the security service between the demand side and the response side, the structure of the implementation is designed as shown in Fig.8. In addition to the original electricity services like electricity production and consumption, the Security Access service is achieved based on the sub services including the data probe service, the Security Assessment service and the RBAC service. RBAC grants roles as publisher or subscriber with proper permissions. As a commonly used method in power systems, the username/password token provides a practical and secure authentication with the help of the dynamic password in the Security Communication service. The encryption and decryption algorithm contributes to the implementation of the integration required in DR. Key distribution sets a foundation for the secure communication. The pub/sub pattern adopted in the communication acquires greater network scalability and a more dynamic network topology. The cryptographic algorithm ensures the communication security. After the data selection service, SVM acquires the classification result by analyzing the features extracted from the examples.

The service layer is the core part of the DR program service implementation, which provides services for the smart client and achieves the business service as well as the business process logic. The original electricity services provide functional services such as electricity production, electricity consumption, etc. The additional security services protect the DR program. The data layer acquires and processes data to support the upper layers in the database or data collection section.

Fig.8: Proposed structure of the implementation

VI. EXPERIMENT AND EVALUATIONS

As required in section II, username/password with the help of the dynamic password contributes to the authentication service identifying electricity suppliers and users. As a classical access control algorithm, the RBAC service ensures entities have proper permissions. Security assessment works as the basis for granting electricity supplier permissions. In the communication, the HMAC algorithm helps achieve integrity and non-repudiation of the messages. Security association helps achieve the function of the dynamic password and meets the requirements of authentication, integrity, confidentiality and non-repudiation. Key distribution sets a foundation for the decryption algorithm to achieve the confidentiality and authorization of messages. The content is published with the requirements of integrity, confidentiality and non-repudiation until release.

6.1 Security access service

To evaluate the performance of the proposed security access service for DR, we performed experiments in the network of State Grid Corporation of China (SGCC). The network topology in SGCC is shown in Fig.9. The intranet office section is of critical importance, for it supports the company's management information business including DR. The intranet production section achieves the basic electricity production, consumption and so on. Although the network security isolation device and the firewall examine the information flow between the Internet and the intranet, there still exists a risk of flows with malicious code being transported into the intranet. Therefore, it is necessary to monitor and analyze the network flow at the data exchange interface between the intranet and the Internet. The security management device connects to the core switch and analyzes the mirrored network flow. The security management device recognizes abnormal behavior and restores the potential threats in the network.

Fig.9: The experiment network topology

In the security management, File Transfer Protocol (FTP) is utilized to transfer the sample test file. The core switch sets up a mirror port as the monitor port. Its IP address, subnet mask and gateway are set to 0.0.0.0 while the interface type is set to "Monitor". The security management device connects to the mirror port. Its IP address, subnet mask and gateway are set to 193.168.2.1, 255.255.255.0 and 192.168.2.254 respectively. The interface type is set to "Management". Three methods are used to detect security threats: virus detection, static detection and dynamic detection. Virus detection compares the features of the system files with those of the virus file. Static detection detects malicious files with unknown features and encoded shellcode. Dynamic detection finds suspicious actions through virtual execution technology.

In the experiment, the dynamic detection result is shown in Table II. Five types of suspicious dynamic actions are detected: process operation, file operation, registry operation, network operation and vulnerability exploitation. The threat score computed according to Equation (1) is listed. S(es)=0.223 as calculated using Equation (5). Based on the threat value, a corresponding executable role is assigned to the electricity supplier. Permission is assigned to the electricity supplier. A permission indicates the authorization to execute an operation in the protected system and data resource. Because of the existing security threat, data permission and functional permission are limited. An operation means one of the various commands executed on the data resource, such as reading, writing, adding, deleting and so on. For the production data collecting operation, the permissions contain read, write, save and so on. The permissions in the project management operation include read, write, upload, check, examine and approve. The corresponding executable role and permissions change along with the threat value.

Table II: Result of dynamic detection

| Dynamic action | Number of suspicious actions | Threat score |
|---|---|---|
| Process operation | 4 | 0.45 |
| File operation | 12 | 0.37 |
| Registry operation | 6 | 0.53 |
| Network operation | 58 | 0.12 |
| Vulnerability exploitation | 1 | 0.68 |

2510
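The scoring of Section 4.1 and the Table II result can be reproduced with the added example below, which is not code from the paper. It implements Equations (1)-(5) with the metric weights of the CVSS v2 equations cited as [27], and reads the Table II counts as 4, 12, 6, 58 and 1, the reading under which Equation (5) returns the reported S(es)=0.223; the role bands and role names in `assign_role` are hypothetical, since the paper gives no thresholds.

```python
import math

# Metric weights from the NVD CVSS v2 equations referenced as [27].
ACCESS_VECTOR = {"local": 0.395, "adjacent": 0.646, "network": 1.0}
ACCESS_COMPLEXITY = {"high": 0.35, "medium": 0.61, "low": 0.71}
AUTHENTICATION = {"multiple": 0.45, "single": 0.56, "none": 0.704}
CIA_IMPACT = {"none": 0.0, "partial": 0.275, "complete": 0.660}


def impact(ci, ii, ai):
    """Eq. (2): I = 10.41 * (1 - (1 - CI)(1 - II)(1 - AI))."""
    return 10.41 * (1 - (1 - CIA_IMPACT[ci])
                    * (1 - CIA_IMPACT[ii]) * (1 - CIA_IMPACT[ai]))


def exploitability(ac, a, av):
    """Eq. (3): E = 20 * AC * A * AV."""
    return 20 * ACCESS_COMPLEXITY[ac] * AUTHENTICATION[a] * ACCESS_VECTOR[av]


def f(i):
    """Eq. (4): 0 when there is no impact, 1.176 otherwise."""
    return 0.0 if i == 0 else 1.176


def threat_value(ci, ii, ai, ac, a, av):
    """Eq. (1): CVSS v2 base score scaled by 0.1 into the range 0..1."""
    i = impact(ci, ii, ai)
    e = exploitability(ac, a, av)
    return 0.1 * (0.6 * i + 0.4 * e - 1.5) * f(i)


def supplier_threat(values):
    """Eq. (5): S(es) = ln((1/n) * sum(exp(V(a_i)))).

    Returning 0.0 for a supplier with no suspicious actions is a convention
    chosen here; Eq. (5) itself is undefined for n = 0.
    """
    if not values:
        return 0.0
    return math.log(sum(math.exp(v) for v in values) / len(values))


# Table II as (dynamic action, number of suspicious actions, threat score).
TABLE_II = [
    ("process operation", 4, 0.45),
    ("file operation", 12, 0.37),
    ("registry operation", 6, 0.53),
    ("network operation", 58, 0.12),
    ("vulnerability exploitation", 1, 0.68),
]


def expand(table):
    """One V(a_i) per detected action, so n is the total action count."""
    return [score for _, count, score in table for _ in range(count)]


# Hypothetical bands: many suppliers map to one role (many-to-one).
ROLE_BANDS = [(0.20, "full"), (0.50, "restricted")]


def assign_role(s):
    for upper, role in ROLE_BANDS:
        if s < upper:
            return role
    return "read-only"


if __name__ == "__main__":
    s_es = supplier_threat(expand(TABLE_II))
    print(round(s_es, 3), assign_role(s_es))
    print(round(threat_value("partial", "partial", "partial",
                             "low", "none", "network"), 3))
```
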

6.2 Complexity evaluation and comparison of secure communication service

Besides the security requirements, complexity evaluation including communication, computation and storage overhead is discussed. The comparison of our work with others is shown in Table III. Communication overhead is composed of the broadcast packets in each session. A broadcast packet Bi consists of Bi1 and Bi2. Bi1 denotes the ciphertext of the session key. The length of Bi1 equals the key length of the encryption algorithm. Bi2 marks the position of the encryption key in the KCT, which occupies just a few bits. The overhead of Bi2 is negligible compared with the overhead of Bi1. The communication overhead of our work is O(m), where m denotes the number of subscribers. The number of hash function calculations is used to evaluate the computation overhead. The computation overhead of our work is O(m). In the initialization of the communication, the group manager maps the nodes to the leaves of the KCT. Each node is associated with logN two-way hash chains from leaves to root, which work as the private keys of the nodes. The number of private keys stored in each node is 2logN. As a result, the storage overhead of our work is O(m log N).

The works in [33] and [34] proposed security key management and data aggregation in smart grid and wireless sensor networks respectively. In [33], a novel key management scheme which combines the symmetric key technique and the elliptic curve public key technique is proposed based on the Needham-Schroeder authentication protocol. Communication, computation and storage overhead are O(N), where N denotes all the nodes in the network including sensors, collectors and aggregators. In [34], a node X has to compute O(uv_x) hash functions to acquire u synopses, where v_x is X’s sensed value. A node X randomly selects these k MACs from the pool received from its c child nodes or generated by itself. The communication overhead is O(uk).

Table III Comparison of our work with others

Mechanisms    Communication overhead    Computation overhead    Storage overhead
Our work      O(m)                      O(m)                    O(m log N)
[33]          O(N)                      O(N)                    O(N)
[34]          O(uk)                     O(uv_x)                 O(kc)

Compared with other works, our work provides a complete security mechanism from association to release, while the others work on securing data aggregation for verification. Publishers who broadcast information are not concerned with who subscribes to their information in the content exchange step. The former steps, which authenticate and grant access to each subscriber, make the content exchange easier and more flexible. The security mechanism designed for the pub/sub based communication simplifies content publication at the price of implementation complexity and extra overhead. The more content exchanged each time, the less average extra overhead the mechanism costs. The flexibility and security of communication are achieved at the cost of extra storage overhead.

6.3 Security Analysis of DR event

In the DR event analysis service, a rough set theory based SVM service is utilized to classify the pseudo DR event. The optimal margin hyperplane H, which is constructed in the sample space, achieves the maximum distance between the hyperplane and the sample sets. Therefore, SVM has global optimality and good generalization with a simple structure. Rough set theory applied in data classification can efficiently process uncertain samples such as noise. Rough set theory based SVM uses the upper approximate set, the lower approximate set and the boundary region to represent the two types of sample set. Because the boundary region allows classification error to a certain degree, the algorithm provides good semantic interpretation and efficiently processes uncertain samples. The two types of sample found in the boundary region make the absolute value of the discriminant minimum. DR event analysis dispenses the category of searching for the optimal penalty coefficient, which avoids excessive regression. The utilization of a loop iteration algorithm to search for the proper parameter b achieves better performance of SVM. Therefore, the application of rough set theory based SVM in DR event analysis is efficient and feasible.

VII. CONCLUSIONS

In this paper, an event-oriented dynamic security service mechanism for smart grid employing mobile networks was proposed to extend original services with the capability to enhance the DR program. Three kinds of security services, namely security access service, security communication service and security analysis service for DR events, are provided to protect the system and are achieved by the fine-grained sub services. The Security Access service utilizes the RBAC algorithm on the basis of the threat analysis result to allocate and manage permissions. The Security Communication service, based on the pub/sub pattern, contains the following parts: security association, key distribution, content publication and release. In addition, the DR Event Analysis service deals with the truthfulness issue of decrypted DR event information. The composition of services to DR based on the security condition delivers appropriate services to electricity suppliers and users. Experiments and evaluation show the feasibility and effectiveness of the proposed scheme.

Acknowledgements

This work is supported by National Natural Science Foundation of China (Grant No. 61401273 and 61431008), Doctoral Scientific Fund Project of the Ministry of Education of China (No. 20130073130006).

References

[1] V. C. GUNGOR, B. LU, G.P. HANCKE. Opportunities and Challenges of Wireless Sensor Networks in Smart Grid[J]. IEEE Trans. Ind. Electron., 2010, 57(10): 3557-3564.

[2] P. SIANO, C. CECATI, C. CITRO, P. SIANO. Smart Operation of Wind Turbines and Diesel Generators According to Economic Criteria[J]. IEEE Trans. Ind. Electron., 2011, 58(10): 4514-4525.

[3] V. GUNGOR, D. SAHIN, T. KOCAK, S. ERGUT, C. BUCCELLA, C. CECATI, G. HANCKE. Smart Grid Technologies: Communications Technologies and Standards[J]. IEEE Trans. Ind. Informat., 2011, 7(4): 529-539.

[4] S. BU, F. R. YU. Green Cognitive Mobile Networks With Small Cells for Multimedia Communications in the Smart Grid Environment[J]. IEEE Transactions on Vehicular Technology, 2014, 63(5): 2115-2126.

[5] S. HORSMANHEIMO, N. MASKEY, L. TUOMIMAKI. Feasibility Study of Utilizing Mobile Communications for Smart Grid Applications in Urban Area[C]// Proceedings of International Conference on Smart Grid Communications (SmartGridComm’14). Venice: IEEE Press, 2014: 440-445.

[6] T. HAN, N. ANSARI. Smart Grid Enabled Mobile Networks: Jointly Optimizing BS Operation and Power Distribution[C]// Proceedings of International Conference on Communications (ICC’14). Sydney, NSW: IEEE Press, 2014: 2624-2629.

[7] A.J. ROSCOE, G. AULT. Supporting High Penetrations Of Renewable Generation via Implementation Of Real-Time Electricity Pricing And Demand Response[J]. IET Renewable Power Gener. 2010, 4(4): 369-382.

[8] S. LI, D. ZHANG, A.B. ROGET, Z. O’NEILL. Integrating Home Energy Simulation and Dynamic Electricity Price for Demand Response Study[J]. IEEE Trans. Smart Grid, 2014, 5(2): 779-788.

[9] D.T. NGUYEN, M. NEGNEVITSKY, M. DE GROOT. Pool-based Demand Response Exchange Concept and Modeling[J]. IEEE Trans. Power Syst. 2011, 26(3): 1677-1685.

[10] P. FARIA, Z. VALE, J. SOARES, J. FERREIRA. Demand Response Management in Power Systems using a Particle Swarm Optimization Approach[J]. IEEE Intell. Syst. 2013, 28(4): 43-51.

[11] L. ZHENG, N. LU, AND L. CAI. Reliable Wireless Communication Networks for Demand Response Control[J]. IEEE Trans. Smart Grid, 2013, 4(1): 133–140.

[12] W. CHEN, X. WANG, J. PETERSEN, R. TYAGI, AND J. BLACK. Optimal Scheduling of Demand Response Events for Electric Utilities[J]. IEEE Trans. Smart Grid. 2014, 4(4): 2309-2319.

[13] Z. DARABI, M. FERDOWSI. An Event-Based Simulation Framework to Examine the Response of Power Grid to the Charging Demand of Plug-In Hybrid Electric Vehicles[J]. IEEE Trans. Industrial Informatics. 2014, 10(1): 313-322.

[14] P. FARIA, Z. VALE, H. MORAIS. Study of Distribution Network Demand Response Events in the Portuguese System[C]// Proceedings of Power and Energy Society General Meeting, San Diego, CA: IEEE Press, 2012: 1-8.

[15] Y. WANG, I. R. PORDANJANI, W. XU. An Event-Driven Demand Response Scheme for Power System Security Enhancement[J]. IEEE Trans. Smart Grid, 2014, 2(1): 23-29.

[16] J. XIA, Y. WANG. Secure Key Distribution for the Smart Grid[J]. IEEE Trans. Smart Grid. 2012, 3(3): 1437-1443.

[17] EUN-KYU LEE, MARIO GERLA, SOON Y. OH. Physical Layer Security in Wireless Smart Grid[J]. IEEE Comm., 2012, 50(8): 46-52.

[18] A.H. MOHSENIAN-RAD and A. LEON GARCIA. Distributed Internet Based Load Altering Attacks Against Smart Power Grids[J]. IEEE Trans. Smart Grid, 2011, 2(4): 667-74.

[19] X. LI, X. LIANG, R. LU, H. ZHU, X. LIN, X. SHEN. Securing Smart Grid: Cyber Attacks, Counter measures and Challenges[J]. IEEE Commun., 2012, 50(8).

[20] K.J. ROSS, K.M. HOPKINSON, M. PACHTER. Using a Distributed Agent Based Communication Enabled Special Protection System to Enhance Smart Grid Security[J]. IEEE Trans. Smart Grid, 2013, 4(2): 1216-1224.

[21] E. LEE, M. GERLA, S.Y. OH. Physical Layer Security in Wireless Smart Grid[J]. IEEE Commun., 2012, 50(8): 46-52.

[22] L. ZHENG, S. PARKINSON, D. WANG, L. CAI, C. CRAWFORD. Energy Efficient Communication Networks Design for Demand Response in Smart Grid[C]// Proceedings of International Conference on Wireless Commun. Signal Process. (WCSP’11), Nanjing, China: IEEE Press, 2011, pp. 1–6.

[23] L. ZHENG, N. LU, L. CAI. Reliable Wireless Communication Networks for Demand Response Control[J]. IEEE Trans. Smart Grid, 2013, 4(1): 133–140.

[24] S. MOHAGHEGHI, J. STOUPIS, W. ZHENYUAN, L. ZHAO, H. KAZEMZADEH, “Demand response architecture: Integration into the distribution management system,” in Proc. 1st IEEE Int. Conf. Smart Grid Commun. (Smart Grid Comm), Oct. 2010, pp. 501–506.

[25] X. WANG and P. YI. Security Framework for Wireless Communications in Smart Distribution Grid[J]. IEEE Trans. Smart Grid, 2011, 2(4): 809–818.

[26] E. BOU-HARB, C. FACHKHA, M. POURZANDI, M. DEBBABI, C. ASSI. Communication Security for Smart Grid Distribution Networks[J]. IEEE Comm., 2013, 51(1): 42–49.

[27] [Online] Available: http://nvd.nist.gov/cvss.cfm?calculator&version=2

[28] H. Y. TSAI, Y. L. HUANG. An Analytic Hierarchy Process-Based Risk Assessment Method for Wireless Networks[J]. IEEE Trans. Reliability, 2011, 60(4): 801-816.

[29] J. Han, M. Kamber, J. Pei, Data Mining Concepts and Techniques, 3rd ed. Waltham, Elsevier, 2009, pp. 408-415.

[30] M. SHI, Y. JIANG, X. SHEN, C. LIN. Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks[J]. IEEE Wireless Commun. 2007, 14(5): 38-46.

[31] W. RAO; L. CHEN; S. TARKOMA. Toward Efficient Filter Privacy-Aware Content-Based Pub/Sub Systems[J]. IEEE Trans. Knowledge and Data Engineering. 2013, 25(11): 2644-2657.

[32] S. N. HAN, GYU MYOUNG LEE, N. CRESPI. Semantic Context-Aware Service Composition for Building Automation System[J]. IEEE Trans. Industrial Informatics, 2014, 10(1): 752-761.

[33] D. WU, C. ZHOU. Fault-Tolerant and Scalable Key Management for Smart Grid[J]. IEEE Trans. Smart Grid. 2011, 2(2): 375–381.

[34] S. ROY, M. CONTI, S. SETIA, S. JAJODIA. Secure Data Aggregation in Wireless Sensor Networks[J]. IEEE Trans. Inf. Forensics Security. 2012, 7(3).

Biographies

Guo Longhua, received the B.S. degree in electronic information engineering from Tianjin University, Tianjin, China, in 2013 and is currently pursuing the Ph.D. degree in Shanghai Jiao Tong University, Shanghai, China. He participates in many national projects, such as National Natural Science Foundation of China, National “973” Planning of the Ministry of Science and Technology, China, etc. His research interests include sensor network security, smart grid security, etc.

Dong Mianxiong, received the B.S., M.S., and Ph.D. degrees in computer science and engineering from The University of Aizu, Japan. He was a Researcher with the National Institute of Information and Communications Technology, Japan. He was also a Japan Society for the Promotion of Sciences (JSPS) Research Fellow with The University of Aizu, and a Visiting Scholar with the BBCR Group, University of Waterloo, Canada, supported by the JSPS Excellent Young Researcher Overseas Visit Program, from 2010 to 2011. He was selected as a Foreigner Research Fellow (a total of three recipients all over Japan) by the NEC C&C Foundation in 2011. He is currently an Assistant Professor with the Department of Information and Electronic Engineering, Muroran Institute of Technology, Japan. He is a Research Scientist with the A3 Foresight Program funded by the Japan Society for the Promotion of Sciences, the National Natural Science Foundation of China, and the National Research Foundation of Korea (2011–2016). His research interests include wireless sensor networks, vehicular ad-hoc networks, and wireless security. He was the Best Paper Award Winner of the IEEE HPCC 2008, the IEEE ICESS 2008, and ICA3PP 2014. *The corresponding author. Email: [email protected].

Kaoru Ota, received the M.S. degree in computer science from Oklahoma State University, USA, in 2008, and the Ph.D. degree in computer science and engineering from The University of Aizu, Japan, in 2012. From 2010 to 2011, she was a Visiting Scholar with the BBCR Group, University of Waterloo, Canada. She was also a Japan Society of the Promotion of Science (JSPS) Research Fellow with the Kato-Nishiyama Laboratory, Graduate School of Information Sciences, Tohoku University, Japan, from 2012 to 2013. She has been with the JSPS A3 Foresight Program as one of primary researchers since 2011, which is supported by the Japanese, Chinese, and Korean Governments. She is currently an Assistant Professor with the Department of Information and Electronic Engineering, Muroran Institute of Technology, Japan. Her research interests include wireless sensor networks, vehicular ad hoc networks, and ubiquitous computing. She was a Guest Editor of IEEE Wireless Communications and IEICE Transactions on Information and Systems, and serves as an Editor of Peer-to-Peer Networking and Applications (Springer), Ad Hoc & Sensor Wireless Networks, the International Journal of Embedded Systems (Inderscience), and the Journal of Cyber-Physical Systems.

Wu Jun, is an Associate Professor of School of Information Security Engineering, Shanghai Jiao Tong University, China. He got his Ph.D. degree in Information and Telecommunication Studies at Waseda University, Japan. He was a postdoctoral researcher of Research Institute for Secure System (RISEC), National Institute of Advanced Industrial Science and Technology (AIST), Japan, from 2011 to 2012. He was a researcher of Global Information and Telecommunication Institute (GITI), Waseda University, Japan, from 2011 to 2013. His research interests include the advanced computations and communications techniques of smart sensors, wireless communication systems, industrial control systems, wireless sensor networks, smart grids, etc.

Li Jianhua, is a professor/Ph.D. supervisor and the vice dean of School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai, China. He got his BS, MS and Ph.D. degrees from Shanghai Jiao Tong University, in 1986, 1991 and 1998, respectively. He was the chief expert in the information security committee experts of National High Technology Research and Development Program of China (863 Program). He is the member of the committee of information security area of the state 10th five-year plan of China. Also, he is a committee expert of China State Secrecy Bureau and Shanghai Secrecy Bureau. He is also a committee expert of Information Technique Standardization Committee of Shanghai, China. He was the leader of more than 30 state/province projects of China, and published more than 200 papers. He published 6 books and has about 20 patents. He made 3 standards and has 5 software copyrights. He got the Second Prize of National Technology Progress Award of China in 2005. He got the First Prize of National Technology Progress Award of Shanghai in 2003 and 2004, and he got two First Prize of National Technology Progress Awards of Shanghai in 2004. His research interests include information security, signal process, computer network communication, etc.