Article

BlackIoT: IoT Botnet of high wattage devices can disrupt the power grid

Authors:

Prateek Mittal,

H. Vincent PoorAuthors Info & Claims

SEC'18: Proceedings of the 27th USENIX Conference on Security Symposium

Pages 15 - 32

Published: 15 August 2018 Publication History

Abstract

We demonstrate that an Internet of Things (IoT) botnet of high wattage devices-such as air conditioners and heaters-gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid. We study five variations of the MadloT attacks and evaluate their effectiveness via state-of-the-art simulators on real-world power grid models. These simulation results demonstrate that the MadIoT attacks can result in local power outages and in the worst cases, large-scale blackouts. Moreover, we show that these attacks can rather be used to increase the operating cost of the grid to benefit a few utilities in the electricity market. This work sheds light upon the interdependency between the vulnerability of the IoT and that of the other networks such as the power grid whose security requires attention from both the systems security and power engineering communities.

References

[1]

Amazon Echo. https://www.amazon.com/all-new-amazon-echo-speaker-with-wifi-alexa-dark-charcoal/dp/B06XCM9LJ4. Accessed: Jan. 2018.

[2]

Aquanta: Heat water when you need it, save money when you don't. https://aquanta.io/. Accessed: Jan. 2018.

[3]

GE Wi-Fi connect appliances. http://www.geappliances.com/ge/connected-appliances/. Accessed: Jan. 2018.

[4]

Google Home. https://store.google.com/product/google_home. Accessed: Jan. 2018.

[5]

New York Independent System Operator (NYISO). http://www.nyiso.com/public/index.jsp. Accessed: Jan. 2018.

[6]

Pair of bugs open Honeywell home controllers up to easy hacks. https://threatpost.com/pair-of-bugs-open-honeywell-home-controllers-up-to-easy-hacks/113965/. Accessed: Jan. 2018.

[7]

PowerWorld Simulator. https://www.powerworld.com/. Accessed: Jan. 2018.

[8]

Tado intelligent AC control. https://www.tado.com/us/. Accessed: Jan. 2018.

[9]

The Federal Energy Regulatory Comission (FERC) and the North American Electric Reliability Corporation (NERC). Arizona-Southern California Outages on September 8, 2011. http://www.ferc.gov/legal/staff-reports/04-27-2012-ferc-nerc-report.pdf. Accessed: Jan. 2018.

[10]

U.S. Energy Information Administration (EIA). https://www.eia.gov/. Accessed: Jan. 2018.

[11]

AMINI, S., PASQUALETTI, F., AND MOHSENIAN-RAD, H. Dynamic load altering attacks against power system stability: Attack models and protection schemes. IEEE Trans. Smart Grid 9, 4 (2018), 2862-2872.

[12]

ANTONAKAKIS, M., APRIL, T., BAILEY, M., BERNHARD, M., BURSZTEIN, E., COCHRAN, J., DURUMERIC, Z., HALDERMAN, J. A., INVERNIZZI, L., KALLITSIS, M., ET AL. Understanding the Mirai botnet. In Proc. USENIX Security Sympsion'17 (Aug. 2017).

[13]

AUSTRALIAN ENERGY MARKET OPERATOR (AEMO). Black system South Australia 28 september 2016. https://www.aemo.com.au/-/media/Files/Electricity/NEM/Market_Notices_and_Events/Power_System_Incident_Reports/2017/Integrated-Final-Report-SA-Black-System-28-September-2016.pdf. Accessed: Jan. 2018.

[14]

BIENSTOCK, D. Electrical Transmission System Cascades and Vulnerability: An Operations Research Viewpoint. SIAM, 2016.

[15]

BIENSTOCK, D., AND ESCOBAR, M. Computing undetectable attacks on power grids. ACM PER 45, 2 (2017), 115-118.

[16]

BULDYREV, S., PARSHANI, R., PAUL, G., STANLEY, H., AND HAVLIN, S. Catastrophic cascade of failures in interdependent networks. Nature 464, 7291 (2010), 1025-1028.

[17]

CARRERAS, B., LYNCH, V., DOBSON, I., AND NEWMAN, D. Critical points and transitions in an electric power transmission model for cascading failure blackouts. Chaos 12, 4 (2002), 985-994.

[18]

CETINAY, H., SOLTAN, S., KUIPERS, F. A., ZUSSMAN, G., AND VAN MIEGHEM, P. Analyzing cascading failures in power grids under the AC and DC power flow models. In Proc. IFIP Performance'17 (Nov. 2017).

[19]

DABROWSKI, A., ULLRICH, J., AND WEIPPL, E. R. Grid shock: Coordinated load-changing attacks on power grids: The nonsmart power grid is vulnerable to cyber attacks as well. In Proc. ACM ACSAC'17 (Dec. 2017).

[20]

DÁN, G., AND SANDBERG, H. Stealth attacks and protection schemes for state estimators in power systems. In Proc. IEEE SmartGridComm'10 (2010).

[21]

DENNING, T., KOHNO, T., AND LEVY, H. M. Computer security and the modern home. Commun. ACM 56, 1 (2013), 94-103.

[22]

DOBAKHSHARI, A. S., AND RANJBAR, A. M. A novel method for fault location of transmission lines by wide-area voltage measurements considering measurement errors. IEEE Trans. Smart Grid 6, 2 (2015), 874-884.

[23]

DOBSON, I. Cascading network failure in power grid blackouts. Encyclopedia of Systems and Control (2015), 105-108.

[24]

DVORKIN, Y., AND GARG, S. IoT-enabled distributed cyber-attacks on transmission and distribution grids. In Proc. NAPS'17 (Sept 2017).

[25]

EUROPEAN NETWORK OF TRANSMISSION SYSTEM OPERATORS FOR ELECTRICITY (ENTSOE). Frequency stability evaluation criteria for the synchronous zone of continental Europe. https://www.entsoe.eu/Documents/SOC%20documents/RGCE_SPD_frequency_stability_criteria_v10.pdf. Accessed: Jan. 2018.

[26]

EUROPEAN NETWORK OF TRANSMISSION SYSTEM OPERATORS FOR ELECTRICITY (ENTSOE). Continental Europe operation handbook, 2004. https://www.entsoe.eu/publications/system-operations-reports/operation-handbook/Pages/default.aspx. Accessed: Jan. 2018.

[27]

FEDERAL ENERGY REGULATORY COMMISSION AND OTHERS. Energy Primer, a Handbook of Energy Market Basics. 2012.

[28]

FERNANDES, E., JUNG, J., AND PRAKASH, A. Security analysis of emerging smart home applications. In Proc. IEEE S&P'16 (2016), pp. 636-654.

[29]

GARCIA, L., BRASSER, F., CINTUGLU, M. H., SADEGHI, A.-R., MOHAMMED, O., AND ZONOUZ, S. A. Hey, my malware knows physics! attacking PLCs with physical model aware rootkit. In Proc. NDSS'17 (2017).

[30]

GIACONI, G., GÜNDÜZ, D., AND POOR, H. V. Privacy-aware smart metering: Progress and challenges. IEEE Signal Process. Mag. (to appear) (2018).

[31]

GLOVER, J. D., SARMA, M. S., AND OVERBYE, T. Power System Analysis & Design, SI Version. Cengage Learning, 2012.

[32]

GROSS, D., BOLOGNANI, S., POOLLA, B. K., AND DÖRFLER, F. Increasing the resilience of low-inertia power systems by virtual inertia and damping. In Proc. IEEE IREP'17 (2017).

[33]

HERNANDEZ, G., ARIAS, O., BUENTELLO, D., AND JIN, Y. Smart nest thermostat: A smart spy in your home. Black Hat USA (2014).

[34]

HESPANHA, J. P. An efficient Matlab algorithm for graph partitioning. Technical Report (2004). https://www.ece.ucsb.edu/~hespanha/published/tr-ell-gp.pdf. Accessed: Jan. 2018.

[35]

ILLINOIS CENTER FOR A SMARTER ELECTRIC GRID (ICSEG). Power test cases. http://icseg.iti.illinois.edu/power-cases/. Accessed: Jan. 2018.

[36]

KEHAGIAS, A. Community detection toolbox. https://www.mathworks.com/matlabcentral/fileexchange/45867-community-detection-toolbox. Accessed: Jan. 2018.

[37]

KIM, J., TONG, L., AND THOMAS, R. J. Subspace methods for data attack on state estimation: A data driven approach. IEEE Trans. Signal Process. 63, 5 (2015), 1102-1114.

[38]

KORKALI, M., VENEMAN, J. G., TIVNAN, B. F., BAGROW, J. P., AND HINES, P. D. Reducing cascading failure risk by increasing infrastructure network interdependence. Sci. Rep. 7 (2017).

[39]

LI, S., YILMAZ, Y., AND WANG, X. Quickest detection of false data injection attack in wide-area smart grids. IEEE Trans. Smart Grid 6, 6 (2015), 2725-2735.

[40]

LIU, Y., NING, P., AND REITER, M. K. False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14, 1 (2011), 13.

[41]

MOHSENIAN-RAD, A.-H., AND LEON-GARCIA, A. Distributed internet-based load altering attacks against smart power grids. IEEE Trans. Smart Grid 2, 4 (2011), 667-674.

[42]

NAEINI, P. E., BHAGAVATULA, S., HABIB, H., DEGELING, M., BAUER, L., CRANOR, L., AND SADEH, N. Privacy expectations and preferences in an IoT world. In Proc. SOUPS'17 (2017).

[43]

NAVEED, M., ZHOU, X.-Y., DEMETRIOU, S., WANG, X., AND GUNTER, C. A. Inside job: Understanding and mitigating the threat of external device mis-binding on android. In Proc. NDSS'14 (2014).

[44]

NEPLAN-POWER SYSTEMS ANALYSIS. Turbine-governor models. http://www.neplan.ch/wp-content/uploads/2015/08/Nep_TURBINES_GOV.pdf. Accessed: Jan. 2018.

[45]

NIA, A. M., AND JHA, N. K. A comprehensive study of security of internet-of-things. IEEE Trans. Emerg. Topics Comput. 5, 4 (2017), 586-602.

[46]

PARANDEHGHEIBI, M., AND MODIANO, E. Robustness of interdependent networks: The case of communication networks and the power grid. In Proc. IEEE GLOBECOM'13 (2013).

[47]

PASTRANA, S., RODRIGUEZ-CANSECO, J., AND CALLEJA, A. ArduWorm: A functional malware targeting Arduino devices. COSEC Computer Security Lab (2016).

[48]

RAMIREZ, L., AND DOBSON, I. Monitoring voltage collapse margin with synchrophasors across transmission corridors with multiple lines and multiple contingencies. In Proc. IEEE PESGM'15 (2015).

[49]

RONEN, E., SHAMIR, A., WEINGARTEN, A.-O., AND O'FLYNN, C. IoT goes nuclear: Creating a ZigBee chain reaction. In Proc. IEEE S&P'17 (2017).

[50]

SACHIDANANDA, V., TOH, J., SIBONI, S., SHABTAI, A., AND ELOVICI, Y. Poster: Towards exposing internet of things: A roadmap. In Proc. ACM CCS'16 (2016).

[51]

SAUER, P., AND PAI, M. Power System Dynamics and Stability. Prentice Hall, 1998.

[52]

SHARMA, A., SRIVASTAVA, S., AND CHAKRABARTI, S. Testing and validation of power system dynamic state estimators using real time digital simulator (RTDS). IEEE Trans. Power Syst. 31, 3 (2016), 2338-2347.

[53]

SlMPSON, A. K., ROESNER, F., AND KOHNO, T. Securing vulnerable home IoT devices with an in-hub security manager. In Proc. IEEE PerCom'17 (2017).

[54]

SOLTAN, S., MAZAURIC, D., AND ZUSSMAN, G. Analysis of failures in power grids. IEEE Trans. Control Netw. Syst. 4, 3 (2017), 288-300.

[55]

SOLTAN, S., YANNAKAKIS, M., AND ZUSSMAN, G. Joint cyber and physical attacks on power grids: Graph theoretical approaches for information recovery. In Proc. ACM SIGMETRICS'15 (June 2015).

[56]

STATISTA. Number of homes with smart thermostats in North America from 2014 to 2020 (in millions). https://www.statista.com/statistics/625868/homes-with-smart-thermostats-in-north-america/. Accessed: Jan. 2018.

[57]

SURBATOVICH, M., ALJURAIDAN, J., BAUER, L., DAS, A., AND JIA, L. Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of ifttt recipes. In Proc. WWW'17 (2017).

[58]

THE UNITED NATIONS. Demographic yearbook, 2017. https://unstats.un.org/unsd/demographic-social/products/dyb/dybcensusdata.cshtml. Accessed: Jan. 2018.

[59]

UNION FOR THE COORDINATION OF THE TRANSMISSION OF ELECTRICITY (UCTE). Final report of the investigation committee on the 28 September 2003 blackout in Italy. http://www.rae.gr/old/cases/C13/italy/UCTE_rept.pdf. Accessed: Jan. 2018.

[60]

U.S.-CANADA POWER SYSTEM OUTAGE TASK FORCE. Report on the August 14, 2003 blackout in the United States and Canada: Causes and recommendations. https://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/BlackoutFinal-Web.pdf. Accessed: Jan. 2018.

[61]

WANG, N., ZHANG, J., AND XIA, X. Energy consumption of air conditioners at different temperature set points. Energy and Buildings 65 (2013), 412-418.

[62]

WOOD, A. J., AND WOLLENBERG, B. F. Power Generation, Operation, and Control. John Wiley & Sons, 2012.

[63]

YU, T., SEKAR, V., SESHAN, S., AGARWAL, Y., AND XU, C. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the internet-of-things. In Proc. ACM HotNets'15 (2015).

[64]

ZHANG, G., YAN, C., JI, X., ZHANG, T., ZHANG, T., AND XU, W. DolphinAttack: Inaudible voice commands. In Proc. ACM CCS'17 (2017).

[65]

ZIMMERMAN, R. D., MURILLO-SÁNCHEZ, C. E., AND THOMAS, R. J. MATPOWER: Steady-state operations, planning, and analysis tools for power systems research and education. IEEE Trans. Power Syst. 26, 1 (2011), 12-19.

Cited By

Pan PMa XFu YChen F(2022)Automating Group Management of Large-Scale IoT Botnets for AntitrackingSecurity and Communication Networks10.1155/2022/41969452022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/4196945
Lee GKim BSong SKim CKim JKim H(2021)Precise Correlation Extraction for IoT Fault Detection With Concurrent ActivitiesACM Transactions on Embedded Computing Systems10.1145/347702520:5s(1-21)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3477025
Falas SKonstantinou CMichael M(2021)A Modular End-to-End Framework for Secure Firmware Updates on Embedded SystemsACM Journal on Emerging Technologies in Computing Systems10.1145/346023418:1(1-19)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3460234
Show More Cited By

Recommendations

Joint dynamic voltage scaling and adaptive body biasing for heterogeneous distributed real-time embedded systems

While dynamic power consumption has traditionally been the primary source of power consumption, leakage power is becoming an increasingly important concern as technology feature size continues to shrink. Previous system-level approaches focus on ...
Government regulations in cyber security: Framework, standards and recommendations
Abstract
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights
- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...
Postplacement Voltage Island Generation

High power consumption will not only shorten the battery life of handheld devices, but also cause thermal and reliability problems. To lower power consumption, one way is to reduce the supply voltage as in multisupply voltage (MSV) designs. In region-...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'18: Proceedings of the 27th USENIX Conference on Security Symposium

August 2018

1740 pages

ISBN:9781931971461

Program Chairs:
William Enck
North Carolina State University
,
Adrienne Porter Felt
Google

Sponsors

Google Inc.
Baidu Research: Baidu Research
NSF
Facebook: Facebook

Publisher

USENIX Association

United States

Publication History

Published: 15 August 2018

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pan PMa XFu YChen F(2022)Automating Group Management of Large-Scale IoT Botnets for AntitrackingSecurity and Communication Networks10.1155/2022/41969452022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/4196945
Lee GKim BSong SKim CKim JKim H(2021)Precise Correlation Extraction for IoT Fault Detection With Concurrent ActivitiesACM Transactions on Embedded Computing Systems10.1145/347702520:5s(1-21)Online publication date: 22-Sep-2021
https://dl.acm.org/doi/10.1145/3477025
Falas SKonstantinou CMichael M(2021)A Modular End-to-End Framework for Secure Firmware Updates on Embedded SystemsACM Journal on Emerging Technologies in Computing Systems10.1145/346023418:1(1-19)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3460234
Huang BCardenas ABaldick RHeninger NTraynor P(2019)Not everything is dark and gloomyProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361416(1115-1132)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361416
Ding ADe Jesus GJanssen M(2019)Ethical hacking for boosting IoT vulnerability managementProceedings of the Eighth International Conference on Telecommunications and Remote Sensing10.1145/3357767.3357774(49-55)Online publication date: 16-Sep-2019
https://dl.acm.org/doi/10.1145/3357767.3357774
Celik ZFernandes EPauley ETan GMcDaniel P(2019)Program Analysis of Commodity IoT Applications for Security and PrivacyACM Computing Surveys10.1145/333350152:4(1-30)Online publication date: 30-Aug-2019
https://dl.acm.org/doi/10.1145/3333501
Doshi KMozaffari MYilmaz Y(2019)RAPIDProceedings of the ACM Workshop on Wireless Security and Machine Learning10.1145/3324921.3328789(49-54)Online publication date: 15-May-2019
https://dl.acm.org/doi/10.1145/3324921.3328789
Choi JAnwar AAlasmary HSpaulding JNyang DMohaisen A(2019)Analyzing endpoints in the internet of things malwareProceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3317549.3326295(288-289)Online publication date: 15-May-2019
https://dl.acm.org/doi/10.1145/3317549.3326295
OConnor TEnck WReaves B(2019)Blinded and confusedProceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3317549.3319724(140-150)Online publication date: 15-May-2019
https://dl.acm.org/doi/10.1145/3317549.3319724

View Options

View options

Figures

Tables

Media

View Table of Conten