Visible to the public Biblio

Filters: Author is Yan Zhang  [Clear All Filters]
Hong Liu, Huansheng Ning, Yan Zhang, Qingxu Xiong, Yang, L.T..  2014.  Role-Dependent Privacy Preservation for Secure V2G Networks in the Smart Grid. Information Forensics and Security, IEEE Transactions on. 9:208-220.

Vehicle-to-grid (V2G), involving both charging and discharging of battery vehicles (BVs), enhances the smart grid substantially to alleviate peaks in power consumption. In a V2G scenario, the communications between BVs and power grid may confront severe cyber security vulnerabilities. Traditionally, authentication mechanisms are solely designed for the BVs when they charge electricity as energy customers. In this paper, we first show that, when a BV interacts with the power grid, it may act in one of three roles: 1) energy demand (i.e., a customer); 2) energy storage; and 3) energy supply (i.e., a generator). In each role, we further demonstrate that the BV has dissimilar security and privacy concerns. Hence, the traditional approach that only considers BVs as energy customers is not universally applicable for the interactions in the smart grid. To address this new security challenge, we propose a role-dependent privacy preservation scheme (ROPS) to achieve secure interactions between a BV and power grid. In the ROPS, a set of interlinked subprotocols is proposed to incorporate different privacy considerations when a BV acts as a customer, storage, or a generator. We also outline both centralized and distributed discharging operations when a BV feeds energy back into the grid. Finally, security analysis is performed to indicate that the proposed ROPS owns required security and privacy properties and can be a highly potential security solution for V2G networks in the smart grid. The identified security challenge as well as the proposed ROPS scheme indicates that role-awareness is crucial for secure V2G networks.

Guowei Dong, Yan Zhang, Xin Wang, Peng Wang, Liangkun Liu.  2014.  Detecting cross site scripting vulnerabilities introduced by HTML5. Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on. :319-323.

Recent years, HTML5 is widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis about new tags and attributes. Based on these vectors, a XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities are found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5.

Sabita Maharjan, Quanyan Zhu, University of Illinois at Urbana-Champaign, Yan Zhang, Stein Gjessing, Tamer Başar, University of Illinois at Urbana-Champaign.  2013.  Dependable Demand Response Management in Smart Grid: A Stackelberg Game Approach. IEEE Transactions on Smart Grid. 4(1)

Demand ResponseManagement (DRM) is a key component in the smart grid to effectively reduce power generation costs and user bills. However, it has been an open issue to address the DRM problem in a network of multiple utility companies and consumers where every entity is concerned about maximizing its own benefit. In this paper, we propose a Stackelberg game between utility companies and end-users to maximize the revenue of each utility company and the payoff of each user. We derive analytical results for the Stackelberg equilibrium of the game and prove that a unique solution exists.We develop a distributed algorithm which converges to the equilibrium with only local information available for both utility companies and end-users. Though DRM helps to facilitate the reliability of power supply, the smart grid can be succeptible to privacy and security issues because of communication links between the utility companies and the consumers. We study the impact of an attacker who can manipulate the price information from the utility companies.We also propose a scheme based on the concept of shared reserve power to improve the grid reliability and ensure its dependability.