Authentication and Integrity in the Smart Grid: An Empirical Study in Substation Automation Systems

In this paper, the authors aim at authentication and integrity protections in Substation Automation Systems (SAS), by an experimental approach on a small scale SAS prototype, in which messages are transmitted with commonly-used data origin authentication schemes, such as RSA, Message Authentication Code, and One-Time Signature. Through experimental results, they find that, current security solutions cannot be applied directly into the SAS due to insufficient performance considerations in response to application constraints, including limited device computation capabilities, stringent timing requirements and high data sampling rates. Moreover, intrinsic limitations of security schemes, such as complicated computations, shorter key valid time and limited key supplies, can easily be hijacked by malicious attackers, to undermine message deliveries, thus becoming security vulnerabilities.