issn : 0974-5572 -...

International Journal of Control Theory and Applications225

Enhancing Cyber Security on Substation Automation using RSA Algorithm

R. Prabhakarana and S. Ashab

aAssistant Professor (Senior), School of Computer Science and Engineering, Vellore Institute of Technology, Chennai Campus, TN, India. Email: [email protected] bAssociate Professor, School of Computer Science and Engineering, Vellore Institute of Technology, Chennai Campus, TN, India. Email: [email protected]

Abstract: Cyber security, referred to as IT security, focuses on maintaining computers security, networks security and data from unplanned or illegal access. In this paper, we propose methodology to enhancing cyber security in Substation Automation System. A substation is a system or a part of an electrical production, transmission and sharing system. Substations are the building blocks for any grid, and without passable protection it can quickly come reducing down. To ensure the security of data in automation system, we propose the implementation using RSA Algorithm. RSA Algorithm is widely used. It’s used for public key cryptography. It consists of two keys-first one is public key and another one is private key. The public key is used for encrypting data and this key is visible to all, and this key is generated in server side. The private key is only known to the receiver. And this encrypted data only decrypted by using the private key.Keywords: Cyber Security, Substation Automation System, RSA Algorithm, Key Generation, Encryption, Decryption.

IntRoduCtIon1. Cyber security is digital security techniques developed to reduce or prevent cyber Security attacks. Cyber security, referred to computer field security, focuses on maintaining the computers security, networks and data from unplanned or illegal access, change or damage and we can also say that cyber security is Techniques for avoiding, finding, and fixing software liability. Data security means protecting data such as database, website from unplanned or illegal access. Data should be protected no matter where it be present - It may be in database, applications, or report across production and no-production environment. There are many methods for providing or producing security in data are data encryption and data decryption, data masking, data erasure, etc. In data masking there are many technique to provide security in data like substitution, shuffling (It is very common form of data obfuscation), number of data variance (it is useful for applying to financial and date driven information fields) etc. Data erasure technique is also called as data wiping or clearing of data, it is software based method.

International Journal of Control Theory and Applications

ISSN : 0974-5572

„ International Science Press

Volume 9 • Number 51 • 2016

R. Prabhakaran and S. Asha

International Journal of Control Theory and Applications 226

In this method data is permanently removed with the help of file deletion command, which only remove the file or direct pointer and it is recovered by any common recovery software tool. And another way of providing security in data is encryption/decryption. I am using this technique in my project, this is cryptography technique. Cryptography is a process of using mathematical technique to provide security on data network database, data integrity, entity verification and data origin validation.

EXIStInG SYStEM2. NIDS (Network Intrusion Detection System) monitors or handles all the traffic on its network. In my existing system, the NIDS (Network Intrusion Detection system) is usually consummated by placing or inserting the network interface license or tag in licentious mode to capture all system or network passage like phone lines and all other means of communication. In this system, data or message is passing between server and client is normal or actual form. There is no security provided in that message, if anyone hack this message in the middle of the communication then they are normally read all the data which is passed from server to client. ID (Intrusion Detection) is process for analyzing information system to determine if security violate has occurred. IDS (Intrusion Detection System) are a software application or device which operates or monitors network.

PRoPoSEd WoRK3. In 1997, the first public key algorithm is invented or discovered by RIVEST, SHAMIR and ADLEMAN which is named as RSA Algorithm. As shown in Figure 1 RSA algorithm is used for encrypting the data to providing security in data”.

Figure 1: Proposed System

The data which server wants to send to the client is firstly encrypted with the help of public key in server side and then send it to client side. Then client receive the encrypted data and then with the help of key generation algorithm private key is generated, after that with that key data is decrypted into original form and visible to the Client. In RSA, every message is represented as an integer. RSA involves two large prime number (prime number which is divisible by only itself or (1) then perform some additional operations on it. After that operation



deriving the set of two numbers. One set of number create the public key and another set is create the private key. Real prime numbers which is taken from user are no longer important when the public key is generated. Both keys are needed for encryption and decryption. There are three main modules of RSA algorithm:

∑ Key generation

∑ Encryption

∑ Decryption

A. Key GenerationKey generation process should be done before the data is encrypted. It consists of following steps:

∑ Select the two large random prime number “a” and “b”. remember that prime No. that can be divide only 1 or itself for security purpose, the integers

∑ Then multiply prime number to find modules “n” which is common for both public and private key.

∑ n = x * y

∑ Calculate Euler’s function φ ofmodules to decide the criteria for encryption key or publicexponent

∑ φ(n)=(a-1)(b-1)

∑ Chooseanyrandominteger“p”which1<p<φ(n)Andgreatestcommondivisorof“p”,soφ(n)is1. Now “p” is defined as public-key exponent.

∑ TofindoutthedecryptionkeyorprivateKeyexponent,calculatedsothatp*d=1modφ(n) ;dismultipleinverseofpmodulusφ(n).

∑ Now publish the public key pair for encryption as (e, n). The public key consists of public exponent e and modulus of n.

∑ Keep the private key pair secret key for decryption as (d, n). The private key consists of the private exponent d and modulus n.

B. EncryptionReal plain text (data) is converted or changed into cipher text (data), this process is called as Encryption. The sender uses an encryption algorithm as shown in Figure 2.

∑ Public key (n, p) is provided to the user who wants to the user who wants to send the data to one or more client in substation.

∑ Using an agreed upon reversible protocol to map the data in an integer.

∑ Data is encrypted and get cipher text (data) as a result C is

∑ C = mp(mod n) Figure 2: Encryption Module



∑ Encrypted data is now sending to the all client.

∑ C = me(mod n)

C. decryptionThe process of converting cipher text (data) to the original plain text (data) is called as decryption. A receiver uses a decryption algorithm as shown in Figure 3.

∑ The cloud user request for the data to the cloud provider.

∑ The authenticity of the user is verified by the cloud service provider and they gives the encrypted data i.e. C.

∑ Then data is decrypted by the cloud user

∑ m = Cd (mod n)

∑ User can get back the original data, when once m is obtained, by reversing the padding scheme.

∑ m = Cd (mod n)

IMPlEMEntAtIon RESult4. In first, Implementation is performed on normal client server program in java which is drawback of the existing system.

Figure 4

Figure 3: decryption Module



output:-



After that, Implementation is performed on RSA Algorithm in java Language to provide security in data.



output:-

ConCluSIon5. In this paper, security is provided to data using RSA Algorithm in the substation Automation System. Here, data which is transferred from one station to another station is secured (encrypted or encoded in different form which is only decoded or decrypted by private key which is only known to the client).



REFEREnCESDetection of Cyber Intrusions Using Network-Based Multicast Messages for Substation Automation[1]

U.-K. Premaratne, J. Samarabandu, T.-S. Sidhu, R. Beresh, and J.-C. Tan, “An Intrusion Detection System for IEC 61850 [2] Automated Substations,” IEEE Trans. Power Del., Vol. 25, No. 4, pp. 2376-2383, Oct. 2010.

William Stallings, Cryptography and Network Security, Fourth Edition, June 3, 2010.[3]

IEC 61850, Communication Networks and System in Substation Automation, IEC Std., 2002–2005, available at www.[4] iec.ch.

wikipedia.org/wiki/RSA_Algorithm[5]

Behrouz A. Forouzan and Debdeep Mukhopadhyay “Cryptography and Network Security” (2nd edition).[6]

Abdul.Mina, D.S, Kader, H.M. Abdual & Hadhoud, M.M. “Performance Analysis of Asymmetric Cryptography”. pp. 1.[7]

FIPS 197, “Advanced Encryption Standard (AES)”, November 26,2001.[8]

The Advanced Encryption Standard (Rijndael). 2010.[9]

http://www.quadibloc.com/crypto/co040401.htm (accessed March, 15, 2010). Trenholme, S. “S-box.” AES. 2010.[10]

http://www.samiam.org/s-box.html (accessed March, 15, 2010).[11]

William Stallings, “Network Security Essentials Applications and Standards”, Third Edition, Pearson Education, 2007.[12]

S. Sridhar, A. Hahn, and M. Govindarasu, “Cyber-Physical System Security for the Electric Power Grid,” IEEE Proc., Vol. [13] 100, No. 1, pp. 210-224, Jan. 2012.

U.-K. Premaratne, J. Samarabandu, T.-S. Sidhu, R. Beresh, and J.-C. Tan, “An Intrusion Detection System for IEC 61850 [14] Automated Substations,” IEEE Trans. Power Del., Vol. 25, No. 4, pp. 2376-2383, Oct. 2010.

C.-W. Ten, J. Hong, and C.-C. Liu, “Anomaly Detection for Cybersecurity of the Substations,” IEEE Trans. Smart Grid, [15] Vol. 2, No. 4, pp. 865-873, Dec. 2011.

issn : 0974-5572 -...

Documents