Availability, Security, pub-sub, Key management
The management of a complex cyber-physical system such as the Smart Grid (SG) requires responsive, scalable and high-bandwidth communication, which is often beyond the capabilities of the classical closed communication networks of the power grid. Consequently, the use of scalable public IP-based networks is increasingly being advocated. However, a direct consequence of the use of public networks is the exposure of the SG to varied reliability/security risks, e.g., distributed denial of service (DDoS). Thus, the need exists for new lightweight mechanisms that can provide both cost-effective communication and proactive DDoS attack protection. We fill this gap by proposing a novel approach termed SeReCP, which leverages: (1) a semi-trusted P2P-based publish-subscribe (pub-sub) system providing a proactive countermeasure for DDoS attacks and secure group communications with the aid of a group key management system, (2) a data diffusion mechanism that sustains the network availability in the case of both randomly sweeping and targeted DDoS attacks on pub-sub brokers, and (3) a multi-homing-based fast recovery mechanism for detecting and requesting the dropped packets, thus paving the way for meeting the stringent latency requirements of SG applications. Our evaluation on a real testbed demonstrates that SeReCP provides the required security and availability for SG applications with up to 30% failures of the pub-sub brokers. Overall, we show that SeReCP helps enable the secure use of public-network-based communication for safety-critical cyber-physical systems such as the SG.