Reword abstract, small fixes
parent 92d73546a7
commit 201b9e8570
1 changed files with 81 additions and 26 deletions
|
|
@ -37,7 +37,7 @@ Conference}{December 5--9}{Austin, TX, USA}
|
|||
Ripples in the Pond: Transmitting Information through Grid Frequency Modulation
|
||||
}
|
||||
|
||||
\author{Jan Götte}
|
||||
\author{Jan Sebastian Götte}
|
||||
\affiliation{
|
||||
\institution{Technische Universität Darmstadt}
|
||||
\city{Darmstadt}
|
||||
|
|
@ -61,13 +61,66 @@ Conference}{December 5--9}{Austin, TX, USA}
|
|||
}
|
||||
\email{scheuermann@kom.tu-darmstadt.de}
|
||||
|
||||
\renewcommand{\shortauthors}{Götte, Katzir and Scheuermann}
|
||||
\begin{CCSXML}
|
||||
<ccs2012>
|
||||
<concept>
|
||||
<concept_id>10010583.10010662.10010668.10010671</concept_id>
|
||||
<concept_desc>Hardware~Power networks</concept_desc>
|
||||
<concept_significance>500</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10010583.10010662.10010668.10010672</concept_id>
|
||||
<concept_desc>Hardware~Smart grid</concept_desc>
|
||||
<concept_significance>300</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10010583.10010750.10010769</concept_id>
|
||||
<concept_desc>Hardware~Safety critical systems</concept_desc>
|
||||
<concept_significance>500</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10010520.10010553.10010562.10010561</concept_id>
|
||||
<concept_desc>Computer systems organization~Firmware</concept_desc>
|
||||
<concept_significance>300</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10010520.10010553.10010562.10010563</concept_id>
|
||||
<concept_desc>Computer systems organization~Embedded hardware</concept_desc>
|
||||
<concept_significance>300</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10002978.10002997.10002998</concept_id>
|
||||
<concept_desc>Security and privacy~Malware and its mitigation</concept_desc>
|
||||
<concept_significance>300</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10002978.10003001.10003003</concept_id>
|
||||
<concept_desc>Security and privacy~Embedded systems security</concept_desc>
|
||||
<concept_significance>500</concept_significance>
|
||||
</concept>
|
||||
<concept>
|
||||
<concept_id>10002978.10003001.10003599.10011621</concept_id>
|
||||
<concept_desc>Security and privacy~Hardware-based security protocols</concept_desc>
|
||||
<concept_significance>300</concept_significance>
|
||||
</concept>
|
||||
</ccs2012>
|
||||
\end{CCSXML}
|
||||
|
||||
\ccsdesc[500]{Hardware~Power networks}
|
||||
\ccsdesc[300]{Hardware~Smart grid}
|
||||
\ccsdesc[500]{Hardware~Safety critical systems}
|
||||
\ccsdesc[300]{Security and privacy~Malware and its mitigation}
|
||||
\ccsdesc[500]{Security and privacy~Embedded systems security}
|
||||
\ccsdesc[300]{Security and privacy~Hardware-based security protocols}
|
||||
|
||||
\begin{abstract}
|
||||
The dependence of the electrical grid on networked control systems is steadily rising. While utilities can defend
|
||||
their side of the grid effectively through rigorous IT security measures such as physically separated control
|
||||
networks, the increasingly large heterogenous ecosystem of networked devices on the consumer side such as smart
|
||||
meters or large IoT-connected appliances such as air conditioners is much harder to secure. We consider a crisis
|
||||
scenario in which an attacker compromises a large number of consumer-side devices and modulates their electrical
|
||||
power to destabilize the grid and cause an electrical outage~\cite{ctap+11,wu01,zlmz+21,kgma21,smp18,hcb19}.
|
||||
The growing heterogenous ecosystem of networked consumer devices such as smart meters or IoT-connected appliances
|
||||
such as air conditioners is difficult to secure, unlike the utility side of the grid which can be defended
|
||||
effectively through rigorous IT security measures such as isolated control networks. In this paper, we consider a
|
||||
crisis scenario in which an attacker compromises a large number of consumer-side devices and modulates their
|
||||
electrical power to destabilize the grid and cause an electrical
|
||||
outage~\cite{ctap+11,wu01,zlmz+21,kgma21,smp18,hcb19}.
|
||||
|
||||
In this paper propose a broadcast channel based on the modulation of grid frequency through which utility operators
|
||||
can issue commands to devices at the consumer premises both during an attack for mitigation and in its wake to aid
|
||||
|
|
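Review bot: The CCSXML block declares eight concepts but only six \ccsdesc lines follow it: "Computer systems organization~Firmware" and "Computer systems organization~Embedded hardware" (both significance 300) have no matching \ccsdesc, so the XML metadata and the printed concept list will disagree. Either add the two \ccsdesc[300]{...} lines or drop the two <concept> entries. In the reworded abstract, "heterogenous" should be "heterogeneous" and the nested "such as ... such as" is still awkward. The new "In this paper, we consider" is also followed directly by a paragraph opening "In this paper propose", which repeats the opener and is missing "we".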
@ -80,7 +133,7 @@ Conference}{December 5--9}{Austin, TX, USA}
|
|||
|
||||
To validate our proposed design, we conducted simulations based on measured grid frequency behavior. Based on these
|
||||
simulations, we performed an experimental validation on simulated grid voltage waveforms using a smart meter
|
||||
equipped with a prototype safety reset system based on an inexpensive commodity microcontroller.
|
||||
equipped with a prototype safety reset system based on a commodity microcontroller.
|
||||
\end{abstract}
|
||||
|
||||
\maketitle
|
||||
|
|
@ -239,7 +292,7 @@ This work contains the following contributions:
|
|||
\subsection{Components and interactions}
|
||||
|
||||
The electrical grid transmits alternating current electrical power from generators to loads. Any device that is
|
||||
connected to the grid must run ``synchronously'' with the grid, i.e.\ it must produce or consume power following the
|
||||
connected to the grid must run \emph{synchronous} with the grid, i.e.\ it must produce or consume power following the
|
||||
grid's voltage waveform. In generators and motors, the electromotive force acts to synchronize the device with the grid.
|
||||
Connecting a generator that has not been synchronized to the grid leads to large currents flowing through the
|
||||
generator's windings, inducing extreme forces that can mechanically destroy the generator. Similarly, if the inverters
|
||||
|
|
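Review bot: In the changed line, "must run \emph{synchronous} with the grid" uses an adjective where the verb needs an adverb. Write \emph{synchronously}, or rephrase to "must be \emph{synchronous} with the grid" if the point is to introduce the term in its adjective form.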
@ -247,7 +300,7 @@ of a solar power station would try to fight the grid, the grid would win and the
|
|||
release their magic smoke.
|
||||
|
||||
Originally, all power sources on the grid were synchronous rotating generators. Today, the shift towards renewable
|
||||
energies and the introduction of high-voltage DC links has led to some of the grid's generating capacity being replaced
|
||||
energy and the introduction of high-voltage DC links has led to some of the grid's generating capacity being replaced
|
||||
with inverters that electronically emulate the grid's voltage waveform to efficiently convert a DC input to the grid's
|
||||
alternating current.
|
||||
|
||||
|
|
@ -349,15 +402,18 @@ makes the task harder.
|
|||
|
||||
In~\cite{smp18}, Soltan, Mittal and Poor investigated an attack scenario where an attacker first gains control over a
|
||||
large number of high wattage devices through an IoT security vulnerability, then uses this control to cause rapid load
|
||||
spikes. The researchers performed computer simulations for a range of parameters and concluded that given sufficiently
|
||||
many compromised devices, an attacker can cause issues up to a large-scale blackout.
|
||||
spikes. The researchers performed computer simulations for a range of parameters and concluded that an attacker
|
||||
controlling 200 - 300 devices of $\SI{1}{\kilo\watt}$ each per megawatt of total grid power (equivalent to
|
||||
30\% of total connected power) can cause a large-scale blackout in a healthy grid, while 10 such compromised
|
||||
devices per megawatt (1\% of total power) are enough to cause cascading line failures that may ultimately lead
|
||||
up to a large-scale blackout.
|
||||
|
||||
In~\cite{hcb19}, Huang, Cardenas and Baldick raised a counter-point to the conclusions of Soltan et al., finding that
|
||||
limitations of their simulations in~\cite{smp18} have lead them to over-estimate the severity of an attack. Using a more
|
||||
accurate model, they confirmed that such attacks can cause problems such as localized blackouts and the decay of the
|
||||
grid into islands, but they found that overall the electrical grid is less vulnerable than previously assumed and
|
||||
particularly large-scale blackouts are very unlikely, primarily due to the action of protection systems such as load
|
||||
shedding and over frequency protection.
|
||||
In~\cite{hcb19}, Huang, Cardenas and Baldick raised a counter-point to the conclusions of Soltan et al., arguing that
|
||||
limitations of their simulations in~\cite{smp18} have lead them to over-estimate the severity of an attack. Using a
|
||||
model tailored to accurately represent the grid's protection mechanisms, they found that due to the action of protection
|
||||
systems such as load shedding and over frequency protection, large attacks of 30\% of total grid power are likely to
|
||||
cause only localized blackouts and the decay of the grid into islands, instead of a large-scale blackout. Smaller attack
|
||||
sizes between 1\% and 10\% proved to be largely harmless in their simulations.
|
||||
|
||||
From literature, we get the overall impression that both IoT and Smart Grid security are challenging. Both lack behind
|
||||
the security standard of state of the art desktop, server and smartphone operating systems. Reasons for this are the
|
||||
|
|
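Review bot: The figures in the new Soltan et al. sentence do not agree with each other: 200 to 300 devices of 1 kW per megawatt is 20% to 30% of grid power, but the parenthesis says "equivalent to 30\% of total connected power", while the 10-devices case is consistently given as 1%. Please check against \cite{smp18} and state either one device count or a percentage range. Smaller points in the same hunk: "200 - 300" should be typeset as a range (200--300), \SI{1}{\kilo\watt} does not need the surrounding $...$, "may ultimately lead up to" reads better as "lead to", and "have lead them" in the Huang et al. paragraph should be "have led them".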
@ -377,9 +433,7 @@ In this instance, market forces do not align with the interest of the public at
|
|||
especially in code implementing complex network protocols such as TLS~\cite{georgiev01}, which may even be mandated by
|
||||
national standards in some devices such as smart electricity meters.
|
||||
|
||||
\subsection{Reliably resetting an IoT or Smart Grid device}
|
||||
|
||||
|
||||
%\subsection{Reliably resetting an IoT or Smart Grid device}
|
||||
|
||||
\subsection{Oscillations in the electrical grid}
|
||||
|
||||
|
|
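Review bot: The heading \subsection{Reliably resetting an IoT or Smart Grid device} is commented out rather than removed, and the commit message does not mention dropping it. If the section is gone for good, delete the line along with the extra blank lines around it; if it is only parked, add a short TODO comment saying so, and check that nothing elsewhere in the paper still refers to it.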
@ -467,7 +521,7 @@ powered up, while communciation networks such as FTTH or 5G are still rebooting,
|
|||
centralized infrastructure that are connected to different power islands to come back online. Mesh networks such as
|
||||
LoraWAN can cover short distances up to $\SI{20}{\kilo\meter}$ without requiring infrastructure to be available, but for
|
||||
longer distances LoraWAN relies on the public internet for its network backbone. Additionally, systems such as FTTH, 5G
|
||||
and LoraWAN are built around a point-to-point communication model and usually do not support a generic broadcast
|
||||
and LoraWAN are built around a point-to-point communication model and usually do not support a global broadcast
|
||||
primitive. During times when a large number of devices must be reached simultaneously this can lead to congestion of
|
||||
cellular towers and servers. Therefore, during an ongoing cyberattack, grid frequency is promising as a communication
|
||||
channel because only a single transmitter facility must be operational for it to function, and this single transmitter
|
||||
|
|
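Review bot: While this paragraph is being touched, the protocol name in the context lines should be spelled "LoRaWAN" in all three places, and the sentence quoted in the hunk header contains "communciation", which should be "communication". Both are outside the changed line but sit in the same paragraph, so they are cheap to fix in this commit.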
@ -855,13 +909,14 @@ Source code and EDA designs are available at the public repository listed at the
|
|||
This work has been co-funded by the LOEWE initiative (Hesse, Germany) within the emergenCITY center.
|
||||
\end{acks}
|
||||
|
||||
\bibliographystyle{plain}
|
||||
\bibliography{\jobname}
|
||||
|
||||
\center{
|
||||
\footnotesize
|
||||
\center{This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today.}
|
||||
%\center{This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today.}
|
||||
\center{Source files and associated data for this work can be found in the git repository at the following URL:
|
||||
\url{https://git.jaseg.de/safety-reset.git} }
|
||||
}
|
||||
|
||||
\bibliographystyle{ACM-Reference-Format}
|
||||
\bibliography{\jobname}
|
||||
|
||||
\end{document}
|
||||
|
|
|
|||
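Review bot: The footer uses \center{...} as if it took an argument, but \center is the opening half of the center environment, so the centering it starts is never closed and can now leak into the bibliography that this hunk moves below it. Prefer \begin{center} ... \end{center} (or a braced group with \centering) around the footer. The version line is commented out rather than deleted; remove it if it is not coming back. Also check the acknowledgements sentence quoted in the hunk header, which tells readers where the repository is listed, against the footer's new position before the references.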