A Security Investigation of Power Line Communication

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

In the last few years, the number of internet-connected devices has increased rapidly. Various types of devices that usually operated isolated and offline, such as electricity meters or cars, are becoming more and more interconnected. This enables the devices to share and exchange data in real time and makes users' everyday lives easier. However, in order to enable a cost-efficient, reliable and easy integration of such devices, new means of communication are necessary.

Power Line Communication (PLC) is one of the technologies that meets the aforementioned requirements. Over the last few years, the HomePlug Powerline Alliance, a consortium composed of the biggest PLC hardware manufacturers, developed and implemented various optimisations to reduce the cost of the hardware while increasing the robustness of the communication against interference and simultaneously improving the data rates. Because existing power cables are used to transmit data, no additional wires have to be installed. This reduces costs and also allows devices to be connected in places where it would not be possible to install extra cables.

Apart from its use in domestic environments as an alternative to WiFi, PLC is a key technology in the smart grid. Electric vehicles that implement the Combined Charging System (CCS) use PLC to communicate with the charging station and exchange charging parameters, such as current and the State of Charge (SOC). In the future, bi-directional communication will allow the vehicle to communicate directly with the smart grid and act as an energy storage system that buffers surplus energy and, if needed, injects it back into the grid to compensate for demand peaks.

Nevertheless, PLC also has a considerable disadvantage. It is susceptible to different kinds of noise, in particular background, narrowband and impulsive noise. This noise and interference can be caused by devices such as dimmers and hairdryers connected to the same power line. At the same time, PLC emits strong electromagnetic radiation, so intense that it interferes with amateur radio [2]. The authors of [1] demonstrated that it is possible to exploit this unintended electromagnetic emission during a CCS-based charging session to capture and decode the exchanged PHY-layer Protocol Data Units (PPDUs).

In this research project, a security investigation of Power Line Communication is carried out. More precisely, we will evaluate whether active attacks, such as packet injection, from the wireless domain are feasible. In addition, appropriate mitigation strategies are investigated to prevent an adversary from injecting packets.

This project falls within the EPSRC Security, privacy and trust research area.

References

[1] Richard Baker and Ivan Martinovic. Losing the car keys: Wireless phy-layer insecurity in EV charging. In 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, 2019. USENIX Association.

[2] Lutz Lampe, Andrea M. Tonello, and Theo G. Swart. Power Line Communications: Principles, Standards and Applications from Multimedia to Smart Grid. Wiley Publishing, 2nd edition, 2016.

Planned Impact

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it is now a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.

Studentship Projects

Project Reference: EP/P00881X/1 (01/10/2016 to 31/03/2023)
Studentship 2068344, related to EP/P00881X/1 (01/10/2018 to 30/09/2022): Sebastian Kohler

Description: We found that modern CMOS image sensors have an inherent vulnerability due to their electronic rolling shutter mechanism. This vulnerability allows an adversary to inject fine-grained distortions into the captured frames. Our results indicate that rolling shutter attacks can substantially reduce the performance and reliability of vision-based intelligent systems.
Exploitation Route: We will make the source code of our evaluation available to other researchers.
Sectors: Aerospace, Defence and Marine; Digital/Communication/Information Technologies (including Software); Electronics; Security and Diplomacy