Low-CostandSecureCommunicationSystemforSCADA...

Research ArticleLow-Cost and Secure Communication System for SCADASystem of Remote Microgrids

Amjad Iqbal and M Tariq Iqbal

Faculty of Engineering and Applied Sciences Memorial University of Newfoundland St Johnrsquos NL Canada

Correspondence should be addressed to M Tariq Iqbal tariqmunca

Received 8 February 2019 Accepted 2 April 2019 Published 23 May 2019

Academic Editor Nicola Sorrentino

Copyright copy 2019 Amjad Iqbal and M Tariq Iqbal is is an open access article distributed under the Creative CommonsAttribution License which permits unrestricted use distribution and reproduction in anymedium provided the original work isproperly cited

Renewable energy-based local microgrids are gaining popularity despite the unavailability of low-cost power efficient and securecommunication system for its supervisory control and data acquisition (SCADA) system is research has been carried out toaddress this issue along with the additional features such as data uploading to a server through a gateway local data logging andalerting the concerned crew in case of any fault to minimize the outage time is paper presents the design of a communicationsystem for the SCADA system of microgrid ESP32 with LoRa has been used for communication between two nodes or a node andcentral SCADA unit Communication security has been achieved by implementing AES cryptography Data authenticity has beenachieved by introducing a unique message authentication code (MAC) for each message A mesh-like network has beenimplemented to improve the LoRa range ESP32 and dragino-uno based LoRa gateways have been tried for uploading the data tothe server and local data storage has been achieved using an SD card e main controller working as the SCADA unit has thefeature of sending emails Detailed system design and test results are presented in this paper

1 Introduction

In Canada more than 300 communities are in remote areasand are isolated from the central power grid and only rely ondistributed power generation units Few of these commu-nities eg Ramea NL have added renewable energy to itsenergy mix To ensure the power quality and control of thesedistributed power generation sources the SCADA systembecomes an integral part of the microgrid network In thesmart grids (SG) and the microgrid network the mainchallenges for the SCADA system are the lack of low-costsecure and authentic communication systems with mini-mum power consumption [1ndash3] In 2008 the Russian Armytook charge of the Georgian electric grid by controlling theSCADA system of their grid is made them realize theimportance of the security of the communication system forthe microgrid According to the Wall Street Journal reportin 2009 spies hacked the control system of the US electricalgrid and disrupted the system [4] Further a number ofother articles like [3] have highlighted the concerns about

smart-grid cyber security erefore the communicationsystem of an electrical grid specifically the setup related tothe SCADA system must have strong resistance againsteavesdroppers and masqueraders Usually a communica-tion system is regarded as secure if it satisfies the followingfour features [5 6]

11 Privacy e message should be encoded or encryptedsuch that only the authorized receiver can read the message

12 Message Authentication e message should be au-thentic and only the privileged nodes should be able to sendthe message Furthermore no eavesdropper should be ableto masquerade the receiver by sending fake messages

13 Integrity emessage received at the receiver side mustexactly be the same as the sender sent

HindawiJournal of Electrical and Computer EngineeringVolume 2019 Article ID 1986325 12 pageshttpsdoiorg10115520191986325

14 Nonrepudiation If there is any alteration in the mes-sage whether due to the channel error or attackerrsquos in-terference the receiver must be able to recognize that anddecline the message

In [7ndash9] a few techniques have been discussed to addressthe communication security issues In their proposedmethods a third party is involved to ensure the security of thecommunication network or setup which depends upon thethird-party network to communicate with remote end devices(REDs) Different encryption algorithms have been proposedin [10 11] to secure the communication system using dif-ferent cryptographic techniques eg shift cipher and sub-stitution cipher but for a cryptanalyst they are too simple tobreak or other encryption algorithms proposed in [12 13] Acryptanalyst can easily take the control of the system and canmodify the control messages as demonstrated in Figure 1 InFigure 1 an eavesdropper receives the message from theSCADA unit and modifies the messages and control com-mand and sends that to the remote end device (RED) pre-tending to be the SCADA unit and hacks the system In thisway control information becomes prone to the eavesdropperand loses authenticity and security Specifically in a smart-grid network secure communication between the energymeters and the SCADA system requires a low cost and asecure communication setup with improved power efficiencyTo provide remote access a Raspberry Pi could also have beenused for gateway purposes just like [14 15 16] but thatconsumes 3-4 times more power than this tiny ESP32 In thispaper we have proposed and implemented a secure andauthentic communication system using an Advanced En-cryption Standard (AES) algorithm It is usually used forextreme confidential communication purposes for militaryapplications which do not involve any third party

In Section 2 the implementation of different encryptionalgorithms on Arduino DRF1276GESP32 with LoRa forcommunication security have been discussed and comparede comparison criteria are based upon their security andresistance against attacks AES algorithm implementationsteps and security have been explained in Section 3 Section 4explains the local data logging on the SD card and the testingof the data transmission rate for different spreading factors Italso visualizes the comparison of received and sent messagesat different spreading factors (at SF-7 and SF-12) In Section 5two different gateways have been configured to upload thedata to the server for remote access and their pros and conshave been discussed briefly Range testing and improvementsin transmission range using a mesh network algorithm havebeen explained in Section 6 In Section 7 the results of AESand MAC implementation on Arduino DRF1276G LoRa andESP32-LoRa have been shown and discussed

2 Cryptographic Algorithms on Arduino withDRF1276G LoRa Module

To achieve the previously discussed four features of a secureand authentic communication system for microgrid multipleencryption algorithms were implemented on the ArduinoDRF1276G LoRa module but all cryptographic algorithms donot provide the equal secrecy level Figure 2 shows a photo of

the Arduino LoRa module used to implement the ciphersdiscussed below with their security against attacks

21 ShiftCipher In shift cipher all characters of the messageare shifted by the same number For example if the messageis ldquoabcdefrdquo and the shift is by 3 characters then after shift ldquoardquowill go to ldquodrdquo ldquobrdquo to ldquoerdquo and so on as demonstrated below

Plaintext f

Ciphertext e f g h i

edcba

d

As there are only 25 possible shifts it means that its keyset has only 25 elements and cipher can easily be decryptedwithin 25 attempts [17]

22 Affine Cipher Key set of affine cipher is little bit largerthan substitution cipher In this technique the ciphertext iscalculated by solving a simple linear equation under modulo26 because there are only 26 alphabets

For instance ldquoyrdquo indicates ciphertext and ldquoxrdquo indicatesplaintext and then y alowast x+ b where ldquoardquo and ldquobrdquo areconstants but less than 26 Its keyspace contains possiblevalues for ldquobrdquo and the possible values for which are 26 and12 respectively So this cipher could be decrypted within26times12 312 attempts [17]

23 SubstitutionCipher Substitution cipher givesmuch bettersecurity than the shift and affine cipher due to large key size Inthe implementation it is quite similar to the shift cipher buteach plaintext character is not shifted by the same number eg

PlaintextCiphertext d z h k a f

a b c d e f

e first character could be substituted by any of theother 25 characters second character by any of the rest of 24characters and so on In this way possible key size becomes

|K| 25 times 24 times 23 1 25 (1)

24 Transposition Cipher In this cipher the characters arenot substituted rather they are shuffled with each otherwithin the plaintext block eg

Attacker

Red

Red Red

Red

SCADAsetup

Figure 1 Eavesdropper masquerading the SCADA network

2 Journal of Electrical and Computer Engineering

Plaintext

Ciphertext

C A ADAN

D N A C A A

Its security depends upon the block size If a block hasldquonrdquo characters then the key set will have total n possiblevalues [17]

25 Hill Cipher Hill cipher is based upon simple linearalgebra and its feature is that it is not an injective cipher It issimilar to the affine cipher and the only difference is that itworks on matrixes and columns of plainciphertext ratherthan characters In this cipher we assign numbers to allalphabet characters eg a 0 b 1 and similarly y 24 andz 25 and use nxn square matrix as a key matrix to get thecolumn matrix of ciphertext from the column vector of

plaintext For example if the key matrix is 1 32 11113890 1113891 and

D

R1113890 1113891

4181113890 1113891is supposed to be encrypted then our cipher

will be 601113890 1113891

G

A1113890 1113891 as shown in the following equation

D⟶

R⟶

1 3

2 11113890 1113891

4

181113890 1113891

58

261113890 1113891

6

01113890 1113891(mod 26) (2)

However hill cipher keyspace is mn2 where ldquomrdquo is themodulo and ldquonrdquo is the size of the matrix despite that it isvulnerable to chosen plaintext attack [17]

Although all previously discussed cryptographic tech-niques could be implemented for simple communicationpurpose it could not be used for the SCADA systembecause oftheir vulnerability to attack by any cryptanalyst and the limitednumber of keyspace at is why we have implemented theAES algorithm to ensure the security of the SCADA systemwhich not only has the keyspace of 2128 possible keys but also isnonlinear in nature and is flexible to change the pattern ofoutput by changing the number of cascaded encryptionrounds To implement that we were not able to use Arduinowith the DRF1276G LoRa module due to its small flash sizeand CPU limitations To implement AES we have used ESP32which has not only enough flash better CPU and low cost butalso has very little power consumption (35ndash5mW)

3 Implementation of AES Algorithm UsingESP32 and LoRa Module

In this implementation MAC has been added to authen-ticate the communication and AES implemented to encryptthe message which is the most secure communication al-gorithm to all known attacks until now [18] Figure 3 showsthe flow chart of this implementation Before sending anymessage first it is encrypted using the AES encryption al-gorithm and then a 64-bit unique MAC is generated fromthe plaintext Finally the ciphertext and the MAC areconcatenated and sent Similarly on the receiver side firstthe MAC and the ciphertext are separated then the MAC isverified and the ciphertext is decrypted to process furtherFigure 4 shows the step-by-step 10 round AES encryptionand decryption In the AES implementation after generatinga binary value string from the plaintext there are four majorsteps which are repeated for each round

31AddingRoundKey eXOR sum is calculated by takingbit-wise XOR of each plaintext bit with respective key bit

32 Substitute Bytes After calculating the XOR sum eachbyte (the pair of HEX characters) is replaced with the re-spective Rijndael table (a standard table of 256 values) toincrease the confusion

33 Shift Rows After substitution all 16 bytes are distrib-uted to construct a 4times 4 square matrix In the resultantmatrix first row remains unchanged while the rest of thethree rows (2nd 3rd and 4th) are rotated left by 1 2 and3 bytes respectively

34MixColumn At this stage the matrix left multiplicationis applied using a standard 4times 4 matrix on the results of shiftrow operation

is algorithm not only has a large key set (2128 possiblekeys) but also is secure from many cryptanalysis algorithmslike differential cryptanalysis integration linear multisetand many others like these

In the AES algorithm for each round a new key isderived from the previous round key and the ciphertext ofthe previous round From the test results explained in thenext section it could be seen that each round ciphertext isentirely different from all others which is due to theimplementation of binary-level encryption e confusioncreated at each round and the propagation of confusionfrom one round to the next round makes it more secure

35 MAC Generation After the successful implementationof AES in the countermode a unique and fixed size (64 bit)MAC is generated using the plaintext of the message Itsimplementation ensures the authenticity of the message andthe receiver becomes able to verify whether the message hasbeen modified by any eavesdropper channel error or not

Figure 2 Arduino DRF1276G with LoRa module used forimplementing cryptographic algorithms

Journal of Electrical and Computer Engineering 3

4 Data Logging and Data Rate

Data logging is another feature added to this system in orderto have a self-data backup mechanism and to avoid data lossdue to any accidental failure in the communication systeme data which are supposed to be coming from local

inverterwind turbine is time-stamped and are stored afterapplying the AES encryption Subsequently the receiveddata after extracting senderreceiver identity passwords andMAC are decrypted and verified to ensure that the receivedmessage is authentic Finally the data are time-stamped andstored in a separate received data file in CSV format For the

Plaintext Plaintext

Add round key Add round key

Substitute bytes

Substitute bytes

Substitute bytes

Inverse subbytes

Inverse subbytes

Inverse subbytes

Inverse shi rows

Inverse shi rows

Inverse shi rows

Inverse mix cols

Inverse mix cols

Shi rows

Shi rows

Shi rows

Mix columns

Mix columns

Add round key

Add round key

Add round key

Add round key

Add round key

Add round key

Roun

d 1

Roun

d 9

Roun

d 9

Roun

d 10

Roun

d 10

Roun

d 1

Key

Expand Key

w[0 3]

w[4 7]

w[36 39]

w[40 43]

Ciphertext Ciphertext

yenyenyen

yenyenyen

Figure 4 Step-by-step 10 round AES encryption and decryption [17]

Encryptmessage

Plaintextmessage

Processplaintext

Concatenateciphertext and MAC

Split ciphertext andMAC

Sender

Calculate64-bit MAC

Decryptmessage

Receiver

Verify MAC

Figure 3 Flow chart of the implemented communication process


local data storage the configured SD card console is shownin Figure 5 and the logged data depend upon storage sizeand received data rate

Although according to [19] the data rate of LoRa isaround 27 kbsecond which may go up to 50 kbsecond andthe actual data rate depends upon the spreading factor LoRahas six different spreading factors from SF7 to SF12 and isdefined as SF log 2 (RcRs) with Rc indicating chip rate andRs indicating symbol rate [9 19] Data rate and range of theLoRa are SF dependent High SF gives a better range but witha lower data rate High SF also increases the probability ofdata loss loss of authenticity and the loss of integrity as wellOn the other hand a lower SF gives a better data rate but itdoes not support for long distances With SF-7 a data rate of27 kbsecond could be achieved while with SF-12 one cantransmit data up to 15 km with a poor data rate of a fewhundred bits per second [20]

When an encryption algorithm is implemented it alsocauses latency in processing [21] It was observed during thedata rate testing and the implementation of the AES en-cryption In Figures 6(a) and 6(b) results show that overalltime lapsed for encrypting and sending a message increaseswith increasing SF Here the message size was the same forall SFs the encryption algorithm (AES) was also the sameand the increasing time lapsed was only different due todifferent spreading factors From the graph it could also beinferred that SF-12 takes approximately three times more ascompared to SF-7 e relation between time elapsed and SFwas also similar at the receiver end which corroborated thisrelation of SF and time elapsed

Further visualization of this comparison was made byconfiguring one ESP32-LoRa with SF-7 and the otherESP32-LoRa with SF-12 In Figure 6(b) it can be seen that inthe lower half of the picture when sender and receiver wereboth configured with SF-7 the number of messages receivedwas equal to the messages sent While in the upper half of thepicture the sender was configured with SF-12 due to which asignificant difference appeared between the rate of messagesending and receiving (Figure 7)

5 ESP32 versus Dragino Gatewaysand Alarming

e collected data were uploaded to a server for analysisand storage To upload the data two different gatewaysbased upon ESP32 and dragino were tried but both hadcertain limitations e configuration of an ESP32-basedgateway is relatively difficult because it is to be configuredas a gateway through coding while a dedicated draginogateway is already available in the market with completeconfiguration and is more user-friendly On the otherhand an ESP32-based gateway is much more cost-effective and power efficient It hardly consumes 230ndash300mW of power [22] while the dragino gateway takesaround 12W and it requires 12 V DC for proper func-tioning while an ESP32 requires only 27ndash33 V DCOverall a dragino-based gateway consumes about 30times more power than that of ESP32 Dragino com-pensates for this excess power consumption in terms of

many other features For example it can serve up to 8nodes simultaneously by communicating with each nodeat a different frequency [23] while ESP32 can supportonly 3 such nodes simultaneously

In Figure 8(a) the configuration of an ESP32 basedgateway is shown and in Figure 8(b) e ings Network(TTN) data file is shown in which data are being uploadedand could be accessed remotely Figures 9(a) and 9(b) showthe dragino controller with LoRa-based gateway configu-ration and its profile with the real-time data load

6 Range Testing and Implementation ofMesh Network

e LoRa range was tested deploying one ESP32-LoRa atMemorial University and taking other EP32-LoRas to theSignal Hill as shown in Figure 10 is setup supported anoise- and error-free communication for the distance of385 km Although its range is usually obstacle dependentand during another testing it was observed that if thetransmitter is at ground floor in the house window and areceiver is taken outside in neighboring streets then thecommunication range drastically goes down and they cancommunicate only up to the distance of 500ndash700m Toaddress this issue a network based upon mesh-like topologywas implemented which gave better results

Figure 5 Configuring SD card for data logging


To implement a mesh topology each ESP32-Loramodule of the network was assigned a unique identitycode and was also fed with the directory of all other unitsrsquoidentity code directory Before sending a message but afterencryption and theMAC addition the sender adds the targetnode identity code and its own identity code in the messagestring e processing steps done at the receiver side areshown in the flow chart of Figure 11(a) An idle node goesinto sleep mode for power saving and whenever there is amessage it receives and parses the message packet into threeparts

(a) Sender identity code(b) Targeted receiver identity code(c) Message packet with data and MAC information

e ID of the node is compared with the targeted receiverID If they are equal this means that the node is the targetedreceiver and then the received message packet is furtherparsed into encrypted message and MAC After parsing thereceived message the previously discussed message verifi-cation algorithm is applied and after proving message

authenticity it is decrypted and then executed further If thereceiver ID is not equal to the targeted receiver ID then themessage is again packed in a single string as was received andis forwarded to the other nodes lying in the range

In this way if a message is sent from the central controlunit for a node which does not lie in the range of that unitthen a node in the vicinity of the sender will receive thatmessage and will forward to the next nearby node Acomplete system flow chart is shown in Figure 11(b) In thisfigure a node of level 2 lies out of the range of the central

45004000350030002500200015001000

5000

0 2 4 6 8 10 12 14

Tim

e (m

s)

Spreading factor (SF)

Time lapsed for encrypting and sending message under different SF

Series 1

(a)

0 2 4 6 8 10 12 14

45005000

4000350030002500200015001000

5000

Tim

e (m

s)


Time lapsed in receiving verifying and decryptingthe message under different SF

Series 1

(b)

Figure 6 Latency for different SF and AES on the (a) sender end and (b) receiver end

(a)

(b)

Figure 8 (a) Configuring ESP32 as a gateway (b) Uploading dataon e ings Network

Figure 7 Configuring ESP32-LoRa sender and receiver at differentSF


node and a node of level 1 acts as a bridge for two-waycommunication between the control node and level-2nodes

After implementing mesh topology its range was testedfor two levels of nodes and a significant improvement wasobserved e nodes whose range was limited to 500ndash700machieved another 500m in their coverage area and itsresults can be seen in Figure 11(c) In this way the rangewhich was only obstacle dependent became the function ofthe number of levels between the sender and the receiver aswell

A complete system flow chart is shown in Figure 12 edata string (V I P Q and system health) is collectedthrough sensors from distributed energy sources (eg windturbine and solar panel) and their associated inverters estring is then serially fed to the ESP32 unit ESP32 encryptsthe data and generates a unique MAC address for eachmessage and adds to the encrypted message string A uniqueidentification code of the sender node and targeted receivernode is also added into that string before transmitting Amesh node receives the message if the target node is not inrange and forwards to give better coverage Finally when amessage is received at the SCADA unit (targeted node) itverifies the sender-receiver ID then parses the packet andconfirms the message authenticity by verifying its MAC andthen decrypts and uploads to the server through gatewayunder respective node ID

Similarly when a SCADA unit sends a command itwill first encrypt the message and will generate and addthe MAC address into an encrypted message string andwill also add the senderreceiver ID before sending ereceiver will follow the same steps it will first match itsown ID with the targeted node ID encapsulated in amessage and then will verify the MAC and will decryptbefore execution If the message is not concerned with thereceiver node it will act as a bridge between the senderand the receiver and will transmit the message forward toimprove coverage

7 Results

All encryption algorithms discussed in Section 2 were triedand finally the combination of the AES algorithm

implemented on ESP32 with LoRa for the SCADA systemwas chosen after comparing their security authenticity fordata flexibility to change the key and power consumption ofthe controllers After selecting the AES algorithm differentcontrollers were tried and checked their compatibility withAES Figure 13 shows the ESP32 with the LoRa modulewhich costs about C$40 per set consumes power around5mW and supports the implementation of AES algorithmand AES with MAC as well

Figure 14(a) shows the results of AES implementation onArduino DRF1276G with the LoRa module e resultsshow that this controller cannot support even a single roundof AES implementation due to small flash size and manyother limitations Finally the ESP32 board was selected forthis project due to its sufficient flash size and minimumpower consumption

e results of AES implementation are shown inFigure 14(b) in which a nine-round AES has beenimplemented on ESP32 with a LoRa module It could beseen that the encrypted string is entirely different than theplaintext string which is due to bit-level changes made inthe string during encryption Furthermore imple-mentation of different numbers of encryption roundsgenerates a unique encrypted string which gives an ad-ditional advantage by increasing complexity A differentciphertext for the same message can be generated bychanging either number of rounds or changing keyFlexibility in changing key was achieved by externallyconnected buttons by either changing the number ofencryption rounds or the key

Figure 14(c) shows the results of the implementation ofAES with MAC on ESP32 with the LoRa module wherethe 192-bit received message is split into the 128-bitciphertext and the 64-bit MAC Decryption is applied onthe ciphertext and the plaintext is extracted from it afterapplying ldquonrdquo decryption rounds From that plaintextagain n + 1 round ciphertext is calculated An XOR sumis calculated between alternate bits of n + 1 round ci-phertext and respective plaintext bits To check the au-thenticity of the message calculated MAC is comparedwith the received MAC at the bit level and even a singlebit change in the received message is also detected in thiscomparator

(a) (b)

Figure 9 (a) A dedicated dragino LoRa gateway (b) Dragino real time data load


Figures 14(d)ndash14(f) shows the results of one unit fromevery level of the mesh network In Figure 14(d) theresults show that the sender is ldquoNode1rdquo of level 2 themessage is for the SCADA unit and these addresses arefollowed by the encrypted message string and the MACaddress e receiver (SCADA) will calculate the MACaddress from the encrypted string and will compare thatwith the MAC added after encrypted string to verify themessage authenticity In the results the calculated MACand received MAC are equal due to which verificationstatus has been shown ldquoauthenticrdquo and the message hasbeen decrypted to process

Figure 14(d) shows the results of a node which is acting asa bridge between the nodes of the level 2 and SCADA unit Itcompares the targeted node ID with its device ID and findsthat the message is for another node and sends the messageforward without changing or processing e results ofFigure 14(f) show the results of a message sent from theSCADA unit and the targeted node ID is ldquoNode1rdquoe stringhas the four parts such as sender ID receiver ID theencrypted message and the MACe verification steps werefollowed before processing the message and the final messagestatus ldquoauthenticrdquo proves the successful two-way communi-cation of the nodes in the mesh network

Sleep

Execute Messagereceived

Decrypt T FIf (received

receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)

Figure 11 (a) Process flow chart for an intermediate level node (b) Mesh network for improved LoRa range (c) Range testing afterimplementing a mesh network

Figure 10 ESP32-LoRa range testing


8 Conclusion

Implementation of AES cryptography with MAC for theSCADA system using ESP32 with LoRa was tested It provedto be the best method of secured authentic and flexiblecommunication In a prototype system a point-to-pointsecure and authentic communication has been achievedfor which the setup costs less than C$40 and consumespower less than 5mW e implemented encryption algo-rithm (AES) is also the most resistant cryptographic algo-rithm It is only vulnerable to brute force attack which

requires 2128 different keys to be tested to ensure the suc-cessful decryption Moreover its range was improved byimplementing it in a mesh network By implementing thisnetwork as implemented here on a prototype network asecure and sophisticated low-cost remotely accessible localand remote data logging with broader coverage area usingmesh network can be achieved It seems to be the best solutionto implement the SCADA system for the distributed oper-ating units and integrated IoTnetwork to achieve a secure andauthentic communication system In the distributed powergeneration and microgrids its implementation for the

Web

GatewayESP32 draginoMesh

nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt

verify MACadd MACparse sender receiver ID

add sender receiver IDconfirm authorization

process and send togateway

Local storage

Local storage Local storage

Local storageInverter

Inverter Inverter

Inverter

ESP32Encryptdecrypt

add MACverify MACadd sender receiver IDparse sender receiver ID

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


Wire communicationWireless communication

Figure 12 Complete system block diagram

Figure 13 ESP32 with LoRa module used for AES implementation


(a)

(b)

(c)

Sender ID

Encrypted message MACReceiver ID

(d)

(e)

Figure 14 Continued


SCADA system and protects power generation from thehostile actors and it can send wireless data over many ki-lometers with low-cost and negligible power consumption

Data Availability

e data used to support the findings of this study areavailable from the corresponding author upon request

Disclosure

is work is the extension of previous conference paperldquoLow-Cost and Secure Communication System for RemoteMicrogrids using AES Cryptography on ESP32 with LoRaModulerdquo presented at EPEC 2018 Here it has been sig-nificantly extended and elaborated

Conflicts of Interest

e authors declare that all used software devices wereselected on professional basis Furthermore the authorscertify that there are no actual or potential conflicts of in-terest in relation to this article

Acknowledgments

is research was funded by the Natural Sciences and En-gineering Research Council (NSERC) of Canada e au-thors would like to acknowledge the financial support ofNSERC and technical support of friends family and theMemorial University of Newfoundland

References

[1] C Mavrokefalidis D Ampeliotis and K Berberidis ldquoA studyof the communication needs in micro-grid systemsrdquo inProceedings of the General Assembly and Scientific Symposiumof the International Union of Radio Science (URSI GASS) 2017pp 1ndash4 Montreal Canada August 2017

[2] A Garcıa-Domınguez ldquoEnabling SCADA cluster and cloudfor smart grid using hierarchical multicast the PTMFframeworkrdquo in Proceedings of the IEEE International

Conference on Industrial Technology vol 2015 pp 218ndash225Seville Spain June 2015

[3] H H Safa D M Souran M Ghasempour and A KhazaeeldquoCyber security of smart grid and SCADA systems threatsand risksrdquo in Proceedings of the CIRED Workshop 2016pp 1ndash4 Helsinki Finland June 2016

[4] E Bou-Harb C Fachkha M Pourzandi M Debbabi andC Assi ldquoCommunication security for smart grid distributionnetworksrdquo IEEE Communications Magazine vol 51 no 1pp 42ndash49 2013

[5] A Tanenbaum ldquoNetwork securityrdquo in Computer Networkspp 767ndash790 Pearson London UK 5th edition 2011

[6] H Su M Qiu and HWang ldquoSecure wireless communicationsystem for smart grid with rechargeable electric vehiclesrdquoIEEE Communications Magazine vol 50 no 8 pp 62ndash682012

[7] D NamdeoHire ldquoSecured wireless data communicationrdquoInternational Journal of Computer Applications vol 54 no 1pp 27ndash30 2012

[8] A A P Ratna and R F Sari ldquoA test bed implementation ofsecure and lightweight privacy preservation mechanism usingscrambled Fibonacci and XOR for ZigBeerdquo in Proceedings ofthe Region 10 Conference TENCON 2017 pp 863ndash868George Malaysia November 2017

[9] Y-S Tsai C-Y Chu M-C Li Y-H Lin and P ChenldquoIntelligent DC power monitoring system and sensor networkbased on ZigBee-equipped smart socketsrdquo in Proceedings ofthe 5th International Symposium on Next-Generation Elec-tronics ISNE 2016 Hsinchu Taiwan May 2016

[10] A Shahzad Y G Kim and A Elgamoudi ldquoSecure IoTplatform for industrial control systemsrdquo in Proceedings of the2017 International Conference on Platform Technology andService Busan Korea February 2017

[11] A V D M Kayem H Strauss S D Wolthusen andC Meinel ldquoKey management for secure demand data com-munication in constrained micro-gridsrdquo in Proceedings of theIEEE 30th International Conference on Advanced InformationNetworking and Applications Workshops pp 585ndash590 TaipeiTaiwan March 2016

[12] J L Tsai and N W Lo ldquoSecure anonymous key distributionscheme for smart gridrdquo IEEE Transactions on Smart Grid vol 7p 1 2016 httpsieeexploreieeeorgabstractdocument7134810

[13] X Miao and X Chen ldquoCyber security infrastructure of smartgrid communication systemrdquo in Proceedings of the China

(f )

Figure 14 (a) AES implementation on Arduino DRF1276G with LoRa module (b) AES implementation results on ESP32 with LoRamodule (c) Implementation of AES with MAC on ESP32 with LoRa module (d) Results of terminal node in a mesh network (e) In-termediate level node forwarding message back and through in the mesh network (f ) Message sent from SCADA unit with the targetednode ID


International Conference on Electricity Distribution pp 5-6Shanghai China September 2012

[14] C-S Choi J-D Jeong I-W Lee and W-K Park ldquoLoRabased renewable energy monitoring system with open IoTplatformrdquo in Proceedings of the International Conference onElectronics Information and Communication (ICEIC)pp 1-2 Honolulu HI USA January 2018

[15] H-R Lee W-J Kim K Park H-J Cho and C-H LinldquoDevelopment of an easy payment system based on IoTgatewayrdquo in Proceedings of the International Conference onElectronics Information and Communication (ICEIC)pp 1ndash3 Honolulu HI USA January 2018

[16] R G Anvekar R M Banakar and R R Bhat ldquoDesign al-ternatives for end user communication in IoT based systemmodelrdquo in Proceedings of the IEEE Technological Innovationsin ICT for Agriculture and Rural Development (TIAR)Chennai India 2017 httpsieeexploreieeeorgdocument8273698

[17] W Stallings ldquoCryptography and Network Securityrdquo PearsonLondon UK 5th edition 2011

[18] P Patil P Narayankar D G Narayan and S M Meena ldquoAcomprehensive evaluation of cryptographic algorithms DES3DES AES RSA and blowfishrdquo Procedia Computer Sciencevol 78 pp 617ndash624 2016

[19] T W F Adelantado X Vilajosana P Tuset-PeiroB Martinez and J Melia-Segui ldquoUnderstanding the limits ofLoRaWANrdquo IEEE Communications Magazine vol 55 no 9pp 34ndash40 2017

[20] B Jalaian T Gregory N Suri S Russell L Sadler andM Lee ldquoEvaluating LoRaWAN-based IoT devices for thetactical military environmentrdquo in Proceedings of the IEEEWorld Forum on Internet of ings WF-IoT 2018 LimerickIreland May 2018

[21] S J Habib M Ahmad M A Syed Hassan Ahmed andJ J P C Rodrigues ldquoSpeeding up the internet of ingsrdquoIEEE Consumer Electronics Magazine vol 7 no 6 pp 31ndash372018

[22] L Salman S Salman and S Jahangirian ldquoEnergy efficientIoT-based smart homerdquo in Proceedings of the 2016 IEEE 3rdWorld Forum on Internet of ings (WF-IoT) Reston VAUSA December 2016

[23] Dragino LG01 LoRa Gateway User Manual QueenslandUniversity of Technology Brisbane Queensland 2018


International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom

14 Nonrepudiation If there is any alteration in the mes-sage whether due to the channel error or attackerrsquos in-terference the receiver must be able to recognize that anddecline the message

In [7ndash9] a few techniques have been discussed to addressthe communication security issues In their proposedmethods a third party is involved to ensure the security of thecommunication network or setup which depends upon thethird-party network to communicate with remote end devices(REDs) Different encryption algorithms have been proposedin [10 11] to secure the communication system using dif-ferent cryptographic techniques eg shift cipher and sub-stitution cipher but for a cryptanalyst they are too simple tobreak or other encryption algorithms proposed in [12 13] Acryptanalyst can easily take the control of the system and canmodify the control messages as demonstrated in Figure 1 InFigure 1 an eavesdropper receives the message from theSCADA unit and modifies the messages and control com-mand and sends that to the remote end device (RED) pre-tending to be the SCADA unit and hacks the system In thisway control information becomes prone to the eavesdropperand loses authenticity and security Specifically in a smart-grid network secure communication between the energymeters and the SCADA system requires a low cost and asecure communication setup with improved power efficiencyTo provide remote access a Raspberry Pi could also have beenused for gateway purposes just like [14 15 16] but thatconsumes 3-4 times more power than this tiny ESP32 In thispaper we have proposed and implemented a secure andauthentic communication system using an Advanced En-cryption Standard (AES) algorithm It is usually used forextreme confidential communication purposes for militaryapplications which do not involve any third party

In Section 2 the implementation of different encryptionalgorithms on Arduino DRF1276GESP32 with LoRa forcommunication security have been discussed and comparede comparison criteria are based upon their security andresistance against attacks AES algorithm implementationsteps and security have been explained in Section 3 Section 4explains the local data logging on the SD card and the testingof the data transmission rate for different spreading factors Italso visualizes the comparison of received and sent messagesat different spreading factors (at SF-7 and SF-12) In Section 5two different gateways have been configured to upload thedata to the server for remote access and their pros and conshave been discussed briefly Range testing and improvementsin transmission range using a mesh network algorithm havebeen explained in Section 6 In Section 7 the results of AESand MAC implementation on Arduino DRF1276G LoRa andESP32-LoRa have been shown and discussed

2 Cryptographic Algorithms on Arduino withDRF1276G LoRa Module

To achieve the previously discussed four features of a secureand authentic communication system for microgrid multipleencryption algorithms were implemented on the ArduinoDRF1276G LoRa module but all cryptographic algorithms donot provide the equal secrecy level Figure 2 shows a photo of

the Arduino LoRa module used to implement the ciphersdiscussed below with their security against attacks

21 ShiftCipher In shift cipher all characters of the messageare shifted by the same number For example if the messageis ldquoabcdefrdquo and the shift is by 3 characters then after shift ldquoardquowill go to ldquodrdquo ldquobrdquo to ldquoerdquo and so on as demonstrated below

Plaintext f

Ciphertext e f g h i

edcba

d

As there are only 25 possible shifts it means that its keyset has only 25 elements and cipher can easily be decryptedwithin 25 attempts [17]

22 Affine Cipher Key set of affine cipher is little bit largerthan substitution cipher In this technique the ciphertext iscalculated by solving a simple linear equation under modulo26 because there are only 26 alphabets

For instance ldquoyrdquo indicates ciphertext and ldquoxrdquo indicatesplaintext and then y alowast x+ b where ldquoardquo and ldquobrdquo areconstants but less than 26 Its keyspace contains possiblevalues for ldquobrdquo and the possible values for which are 26 and12 respectively So this cipher could be decrypted within26times12 312 attempts [17]

23 SubstitutionCipher Substitution cipher givesmuch bettersecurity than the shift and affine cipher due to large key size Inthe implementation it is quite similar to the shift cipher buteach plaintext character is not shifted by the same number eg

PlaintextCiphertext d z h k a f

a b c d e f

e first character could be substituted by any of theother 25 characters second character by any of the rest of 24characters and so on In this way possible key size becomes

|K| 25 times 24 times 23 1 25 (1)

24 Transposition Cipher In this cipher the characters arenot substituted rather they are shuffled with each otherwithin the plaintext block eg

Attacker

Red

Red Red

Red

SCADAsetup

Figure 1 Eavesdropper masquerading the SCADA network


Plaintext

Ciphertext

C A ADAN

D N A C A A




D

R1113890 1113891


will be 601113890 1113891

G


D⟶

R⟶

1 3

2 11113890 1113891

4

181113890 1113891

58

261113890 1113891

6

01113890 1113891(mod 26) (2)

















Plaintext Plaintext


Substitute bytes

Substitute bytes

Substitute bytes

Inverse subbytes

Inverse subbytes

Inverse subbytes

Inverse shi rows

Inverse shi rows

Inverse shi rows

Inverse mix cols

Inverse mix cols

Shi rows

Shi rows

Shi rows

Mix columns

Mix columns

Add round key

Add round key

Add round key

Add round key

Add round key

Add round key

Roun

d 1

Roun

d 9

Roun

d 9

Roun

d 10

Roun

d 10

Roun

d 1

Key

Expand Key

w[0 3]

w[4 7]

w[36 39]

w[40 43]


yenyenyen

yenyenyen


Encryptmessage

Plaintextmessage

Processplaintext



Sender

Calculate64-bit MAC

Decryptmessage

Receiver

Verify MAC




















45004000350030002500200015001000

5000

0 2 4 6 8 10 12 14

Tim

e (m

s)



Series 1

(a)

0 2 4 6 8 10 12 14

45005000

4000350030002500200015001000

5000

Tim

e (m

s)



Series 1

(b)


(a)

(b)








7 Results






(a) (b)





Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Plaintext

Ciphertext

C A ADAN

D N A C A A




D

R1113890 1113891


will be 601113890 1113891

G


D⟶

R⟶

1 3

2 11113890 1113891

4

181113890 1113891

58

261113890 1113891

6

01113890 1113891(mod 26) (2)

















Plaintext Plaintext


Substitute bytes

Substitute bytes

Substitute bytes

Inverse subbytes

Inverse subbytes

Inverse subbytes

Inverse shi rows

Inverse shi rows

Inverse shi rows

Inverse mix cols

Inverse mix cols

Shi rows

Shi rows

Shi rows

Mix columns

Mix columns

Add round key

Add round key

Add round key

Add round key

Add round key

Add round key

Roun

d 1

Roun

d 9

Roun

d 9

Roun

d 10

Roun

d 10

Roun

d 1

Key

Expand Key

w[0 3]

w[4 7]

w[36 39]

w[40 43]


yenyenyen

yenyenyen


Encryptmessage

Plaintextmessage

Processplaintext



Sender

Calculate64-bit MAC

Decryptmessage

Receiver

Verify MAC




















45004000350030002500200015001000

5000

0 2 4 6 8 10 12 14

Tim

e (m

s)



Series 1

(a)

0 2 4 6 8 10 12 14

45005000

4000350030002500200015001000

5000

Tim

e (m

s)



Series 1

(b)


(a)

(b)








7 Results






(a) (b)





Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





Plaintext Plaintext


Substitute bytes

Substitute bytes

Substitute bytes

Inverse subbytes

Inverse subbytes

Inverse subbytes

Inverse shi rows

Inverse shi rows

Inverse shi rows

Inverse mix cols

Inverse mix cols

Shi rows

Shi rows

Shi rows

Mix columns

Mix columns

Add round key

Add round key

Add round key

Add round key

Add round key

Add round key

Roun

d 1

Roun

d 9

Roun

d 9

Roun

d 10

Roun

d 10

Roun

d 1

Key

Expand Key

w[0 3]

w[4 7]

w[36 39]

w[40 43]


yenyenyen

yenyenyen


Encryptmessage

Plaintextmessage

Processplaintext



Sender

Calculate64-bit MAC

Decryptmessage

Receiver

Verify MAC




















45004000350030002500200015001000

5000

0 2 4 6 8 10 12 14

Tim

e (m

s)



Series 1

(a)

0 2 4 6 8 10 12 14

45005000

4000350030002500200015001000

5000

Tim

e (m

s)



Series 1

(b)


(a)

(b)








7 Results






(a) (b)





Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



















45004000350030002500200015001000

5000

0 2 4 6 8 10 12 14

Tim

e (m

s)



Series 1

(a)

0 2 4 6 8 10 12 14

45005000

4000350030002500200015001000

5000

Tim

e (m

s)



Series 1

(b)


(a)

(b)








7 Results






(a) (b)





Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






7 Results






(a) (b)





Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




Sleep



receiverID == node

ID)

Do-nothing

Transmitforward

(a)

Level-2node

Level-1node

Level-1node

Level-1node

Level-1node

Level-2node

Level-2node

Level-2node

Centralcontrol

unit

Out of

LoRa r

ange

Within LoRa range

With

in Lo

Raran

ge

(b)

(c)




8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


8 Conclusion



Web


nodeMeshnode

Meshnode

Meshnode

SCADADecryptencrypt




Local storage



Inverter Inverter

Inverter

ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt


ESP32Encryptdecrypt






(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


(a)

(b)

(c)

Sender ID


(d)

(e)

Figure 14 Continued



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



Data Availability


Disclosure




Acknowledgments


References















(f )

















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia
















RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Low-CostandSecureCommunicationSystemforSCADA...

Documents

Transcript of Low-CostandSecureCommunicationSystemforSCADA...