jaseg/master-thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ma: add some intro blurb

Browse source
This commit is contained in:
jaseg 2020-05-12 16:46:46 +02:00
parent 232dfb52da
commit 683f37e06e
2 changed files with 430 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

162
ma/safety_reset.bib
View file

@ -830,16 +830,6 @@
year = {2016},
}
@Article{kabalci01,
author = {Yasin Kabalci},
title = {A survey on smart metering and smart grid communication},
doi = {10.1016/j.rser.2015.12.114},
issn = {1364-0321},
pages = {302-318},
volume = {57},
year = {2016},
}
@Thesis{gasior02,
author = {Gasior, Marek},
title = {{Improving frequency resolution of discrete spectra: algorithms of three-node interpolation}},
@ -893,7 +883,7 @@
author = {Christian Egenhofer and Felice Simonelli and Andrea Renda and Antonella Zarra and William Schmitt and Aurélie Faure and Eleaonor Drabik and Vasileios Rizos and Thomas Hähl and Michèle Koper and Angelica Afanador and Marian Bons},
date = {2018},
institution = {European Commission, Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs},
title = {Composition and Driversof Energy Prices and Costs:Case Studies in SelectedEnergy Intensive Industries 2018},
title = {Composition and Drivers of Energy Prices and Costs: Case Studies in SelectedEnergy Intensive Industries 2018},
doi = {10.2873/937326},
url = {https://op.europa.eu/en/publication-detail/-/publication/424dac0a-ec77-11e8-b690-01aa75ed71a1/language-en},
}
@ -974,4 +964,154 @@
urldate = {2020-05-06},
}
@Report{ec02,
author = {Frédéric Tounquet and Clément Alaton},
date = {2019},
institution = {European Commission, Directorate-General for Energy, Directorate B - Internal Energy Market},
title = {Benchmarking smart meteringdeployment in the EU-28},
type = {resreport},
}
@WWW{destatis01,
editor = {Statistisches Bundesamt DeStatis},
date = {2020-03-06},
title = {Erzeugung - Bilanz - Monatsbericht über die Elektrizitätsversorgung},
url = {https://www.destatis.de/DE/Themen/Branchen-Unternehmen/Energie/Erzeugung/Tabellen/bilanz-elektrizitaetsversorgung.html},
urldate = {2020-05-07},
}
@Book{nelles01,
author = {Dieter Nelles and Christian Tuttas},
date = {1998},
title = {Elektrische Energietechnik},
doi = {10.1007/978-3-663-09902-4},
isbn = {978-3-663-09902-4},
year = {1998},
}
@Book{crastan01,
author = {Valentin Crastan},
date = {2015},
title = {Elektrische Energieversorgung 1},
doi = {10.1007/978-3-662-45985-0},
year = {2015},
}
@Book{crastan03,
author = {Valentin Crastan},
date = {2012},
title = {Elektrische Energieversorgung 3},
doi = {10.1007/978-3-642-20100-4},
isbn = {978-3-642-20099-1},
}
@Misc{simon01,
editor = {Liviu Constantinescu-Simon},
date = {1997},
title = {Handbuch Elektrische Energietechnik},
doi = {10.1007/978-3-322-85061-4},
year = {1997},
}
@WWW{kamstrup01,
author = {{Kamstrup A/S}},
title = {STS prepayment meter},
url = {https://www.kamstrup.com/en-en/electricity-solutions/smart-electricity-meters/sts-prepayment-meter},
urldate = {2020-05-11},
}
@Unpublished{itron01,
author = {{Itron Inc}},
date = {2012},
title = {Benutzerhandbuch Smart Meter EM 214},
url = {https://www.ewh.de/fileadmin/user_upload/Stromnetz/Zaehlerstaende/Produktbeschreibung_ITRON_EM214.pdf},
urldate = {2020-05-11},
}
@Unpublished{hager01,
author = {{Hager Group}},
date = {2017},
title = {Hager Smart Meter EHZ363 Betriebsanleitung},
url = {https://bnnetze.de/downloads/kunden/netzkunden/messstellenbetrieb-und-messung/funktionalitaet/hager-ehz363-betriebsanleitung.pdf},
urldate = {2020-05-11},
}
@TechReport{vseaes01,
date = {2010},
institution = {{Verband Schweizerischer Elektrizitätsunternehmen VSE}},
title = {Branchenempfehlung Strommarkt Schweiz Handbuch Smart Metering CH},
url = {https://web.archive.org/web/20130418034458if_/http://www.strom.ch:80/uploads/media/HBSM-CH_1018d_2010.pdf},
urldate = {2020-05-12},
}
@Article{geelen01,
author = {Daphne Geelen and Ruth Mugge and Sacha Silvester and Annemieke Bulters},
date = {2019},
journaltitle = {Energy Efficiency},
title = {The use of apps to promote energy saving: a study of smartmeterrelated feedback in the Netherlands},
doi = {https://doi.org/10.1007/s12053-019-09777-z},
issue = {12},
}
@TechReport{bmwi03,
author = {{Bundesministerium für Wirtschaft und Energie} and {Ernst and Young}},
date = {2013},
title = {Kosten-Nutzen-Analyse für einen flächendeckenden Einsatz intelligenter Zähler},
url = {https://www.bmwi.de/Redaktion/DE/Publikationen/Studien/kosten-nutzen-analyse-fuer-flaechendeckenden-einsatz-intelligenterzaehler.pdf?__blob=publicationFile&v=5},
urldate = {2020-05-12},
}
@InProceedings{rodden01,
author = {Tom A. Rodden and Joel E. Fischer and Nadia Pantidi and Khaled Bachour and Stuart Moran},
booktitle = {Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13},
date = {2013},
title = {At Home with Agents: Exploring Attitudes Towards Future Smart Energy Infrastructures},
doi = {10.1145/2470654},
year = {2013},
}
@InProceedings{pierce01,
author = {James Pierce and Eric Paulos},
booktitle = {CHI 2012},
date = {2012},
title = {Beyond Energy Monitors: Interaction, Energy, and Emerging Energy Systems},
doi = {10.1145/2207676.2207771},
subtitle = {interaction, energy, and emerging energy systems},
year = {2012},
}
@Article{lupton01,
author = {Deborah Lupton},
date = {2016},
journaltitle = {Economy and Society},
title = {The diverse domains of quantified selves: self-tracking modes and dataveillance},
doi = {10.1080/03085147.2016.1143726},
issn = {0308-5147},
pages = {101-122},
volume = {45},
year = {2016},
}
@InProceedings{costanza01,
author = {Enrico Costanza and Joel E. Fischer and James A. Colley and Tom Rodden and Sarvapali D. Ramchurn and Nicholas R. Jennings},
booktitle = {CHI 2014, One of a CHInd},
date = {2014},
title = {Doing the Laundry with Agents: a Field Trial of a Future SmartEnergy System in the Home},
doi = {10.1145/2556288.2557167},
subtitle = {a field trial of a future smart energy system in the home},
year = {2014},
}
@Article{fell01,
author = {Michael J. Fell and David Shipworth and Gesche M. Huebner and Clifford A. Elwell},
date = {2015},
journaltitle = {Energy Research and Social Science},
title = {Public acceptability of domestic demand-side response in Great Britain: The role of automation and direct load control},
doi = {10.1016/j.erss.2015.08.023},
issn = {2214-6296},
pages = {72-84},
volume = {9},
year = {2015},
}
@Comment{jabref-meta: databaseType:biblatex;}

307
ma/safety_reset.tex
View file

@ -93,39 +93,290 @@
\newpage
\chapter{Introduction}
% FIXME
\section{Structure and operation of the electrical grid}
Since this thesis is filed under \emph{computer science} we will provide a very brief overview of some basic aspects of
modern power grids.
\subsection{Structure of the electrical grid}
\subsubsection{Generators and loads}
% FIXME
\subsubsection{Hierarchical structure}
The electical grid is composed of a large number of systems such as distribution systems, power stations and substations
interconnected by long transmission lines. Mostly due to ohmic losses\footnote{
Power dissipation of a resistor of resistance $R [\Omega]$ given current $I [A]$ is $P_\text{loss} [W] =
U_\text{drop} \cdot I = I^2 \cdot R$. Fixing power $P_\text{transmitted} [W] = U_\text{line} \cdot I$ this yields a
dependency on line voltage $U_\text{line} [V]$ of $P_\text{loss} =
\left(\frac{P_\text{transmitted}}{U_\text{line}}\right)^2 \cdot R$. Thus, ignoring other losses a $2\times$ increase
in transmission voltage halves current and cuts ohmic losses to a quarter. In practice the economics of this are
much more complicated due to the cost of better isolation for higher-voltage parts and the added factor of power
factor compensation. }
the efficiency of transmission of electricity through long transmission lines increases with the square of
voltage\cite{crastan01,simon01}. % simon01: p. 425, 9.4.1.1, crastan p.55, 3.1
In practice economic considerations take into account a reduction of the considerable transmission losses (about
\SI{6}{\percent} in case of Germany\cite{destatis01}) as well as the cost of equipment such as additional transformers
and the cost increase for the increased volatage rating of components such as transmission lines. Overall these
considerations have led to a hierarchical structure where large amounts of energy are transmitted over very long
distances (up to thousands of kilometers) at very high voltages (upwards of \SI{200}{\kilo\volt}) and voltages get lower
the closer one gets to end-customer premises. In Germany at the local level a substation will distribute
\SIrange{10}{25}{\kilo\volt} % FIXME citation on this
to large industrial consumers and streets with small transformer substations converting this to the \SI{400}{\volt}
three-phase AC households are usually hooked up with.
\subsubsection{Generators}
Traditionally all generators in the power grid were synchronous machines. A synchronous machine is a generator that is
wound and connected in such a way that during normal operation its rotation is synchonous with the grid frequency. Grid
frequency and generator rotation speed are bidirectionally electromechanically coupled. If a generator would lag behind
the grid it would receive electrical energy from the grid and convert it into mechanical energy, acting as a motor.
Small deviations between rotational speed and grid frequency will be absorbed by the electromechanical coupling between
both. All generators connected to the grid operate synchronously. Maintaining this synchronization over time is the task
of complex control systems within each power station.
% FIXME influence of non-rotating sources: photovoltaics
\subsubsection{Switchgear}
In the electrical grid switches perform various roles. The ones a computer scientist would recognize are used for
routing electricity between transmission lines and transformers and can be classified into ones that can be switched
under load (called load switches) and ones that can not (called disconnectors). The latter are used to ensure parts of
the network are free from voltage. The former are used to re-route flows of electrical currents. A major difference in
their construction is that in contrast to disconnectors load switches have built-in components that extinguish the
high-power arc discharge that forms when the circuit is interrupted under load\footnote{
While an arc discharge is considered a fault condition in most low-voltage systems including computers, in energy
systems it is often part of normal operation.
}. Beyond this there are circuit breakers. Circuit breakers are safety devices that can still switch even under failure
conditions at several times the circuit's nominal current. They are activated automatically on conditions such as
overcurrent or overvoltage. Fuses can be considered non-resettable switches. The fuse in a computer power supply is
barely more than a glass tube with some wire in it that is designed to melt at the designated current. In energy systems
fuses are often much more complex devices that in some cases even utilize explosivese to quickly and decisively open the
circuit and extinguish the resulting arc discharge\cite{nelles01,crastan01,simon01}.
% disconnect switches, fuses, breakers -> crastan 1 (ch. 8)
\subsubsection{Transformers}
\subsubsection{Tie lines}
Along with transmission lines transformers are one of the main components most people will be thinking of when talking
about the electrical grid. Transformers connect grid segments at different voltage levels with one another. In the
distribution grid transformers are used to provide standard end-user voltage levels to the customer (e.g. 230/400V in
Europe) from a \SIrange{10}{25}{\kilo\volt} feeder. Transformers can also be used to convert between buses without a
fourth neutral conductor and buses with one.
Transformers are large and heavy devices consisting of thick copper wire or copper foil windings arranged around a core
made from thin stacked, insulated iron sheets. The entire core sits within a large metal enclosure that is filled with
liquid (usually a specialized oil) for both cooling and electrical insulation. This cooling liquid is cooled by means
such as radiator fins on the transformer enclosure itself or an external radiator. Depending on the design cooling may
rely on natural convection within the cooling liquid or on electrical pumps\cite{crastan01,simon01}.
Transformers come in a large variety of coil and wiring configurations. There exist autotransformers where the secondary
is part of the primary (or vice-versa) that are used to translate between voltage levels without galvanic isolation at
lower cost. Transformers used in parts of the electrical grid often have several taps and include \emph{tap changers}. A
tap changer is a system of mechanical switches that can be used to switch between several discrete transformer ratios to
adjust secondary voltage under load\cite{simon01}. Tap changers are used in the distribution grid to maintain the
specified voltage tolerances at the customer's connection.
\subsubsection{Instrument transformers}
While operating on the exact same physical principles instrument transformers are very different from regular
transformers in an energy system. Instrument transformers are specialized low-power transformers that are used as
transducers to measure voltage or current at very high voltages. They are part of the control and protection systems of
substations\cite{crastan01}.
\subsubsection{Chokes}
Chokes are large inductors. In power grid applications their construction is similar to the construction of a
transformer with the exception that they only have a single winding on the core. They are used for a variety of
purposes. A frequent use is as a series inductor on one of the phases or the neutral connection to limit transient fault
currents. In addition to use as simple series inductances for current limiting inductors are also used to tune LC
circuits. One such use are Petersen coils, large inductors in series with the earth connection at a transformer's star
point are used to quickly extinguish arcs between phase and ground on a transmission line. The Petersen coil forms a
parrallel LC resonant circuit with the transmission line's earth capacitance. Tuning this circuit through adjusting the
petersen coil reduces earth fault current to levels low enough to quickly extinguish the arc\cite{simon01}.
\subsubsection{Power factor correction}
Reactive power (also referred to as \emph{VAR} after its is unit Volt-Ampère Reactive) an important variable in the
operation of electrical grids (see sec.\ \ref{frequency_estimation}). If reactive power generation and consumption are
mismatched, high currents develop that lead to high transmission losses. For this reason grids include circuits to
compensate reactive power imbalances\cite{crastan01}. These circuits can be as simple as inductors or capacitors
connected to a power line but often can be switched to adapt to changing load conditions. Static Var compensators are
particularly fast-acting reactive power compensation devices whose purpose is to maintain bus voltage\cite{rogers01}.
\subsubsection{Transmission lines, bus bars and tie lines}
% cite crastan 1 on transmission lines, bus bars (ch. 8)
\subsubsection{Loads}
Lastly, there is the loads that the electrical grid serves. Loads range from mains-powered indicator lights in devices
such as light switches or power strips weighing in at mere milliwatts to large smelters in industrial metal production
that can consume a good fraction of a gigawatt all on their own.
\subsection{Operational concerns}
\subsubsection{Modelling the electrical grid}
\subsubsection{Generator controls}
\subsubsection{Load shedding}
\subsubsection{System stability}
\subsubsection{Power System Stabilizers}
% FIXME
\subsubsection{Generator controls}
% FIXME
\subsubsection{Load shedding}
% FIXME
\subsubsection{System stability}
% FIXME
\subsubsection{Power System Stabilizers}
% FIXME
\subsubsection{Smart metering}
\section{Smart meter technology}
\subsubsection{Common components}
Smart meters were a concept pushed by utility companies throughout the 00's. Smart metering is one component of the
larger societal shift towards digitally interconnected technology. Old analog meters required that service pesonnel
physically come to read the meter. \emph{Smart} meters automatically transmit their readings through modern
technologies. Utility companies were very interested in this move not only because of the cost savings for meter reading
personnel. Beyond this, an always-connected meter allows several entirely new use cases that have not been possible
before. One often-cited one is utilizing the new high-resolution load data to improve load forecasting to allow for
greater generation efficiency. Computerizing the meter also allows for new fee models where electricity cost is no
longer fixed over time but adapts to market conditions. Models such as prepayment electricity plans where the customer
is automatically disconnected until they pay their bill are significantly aided by a fully electronic system that can be
controlled and monitored remotely. A remotely controllable load switch can also be used to coerce customers in
situations where that was not previously economically possible\footnote{
The swiss association of electrical utility companies in sec.\ 7.2 par.\ (2)a of their 2010 whitepaper on the
introduction of smart metering\cite{vseaes01} cynically writes that remotely controllable load switches lead a new
tenant to swiftly register with the utility company. Mysteriously, this whitepaper completely vanished from their
website some time after publication. Luckily for us, the internet archive had a copy.
}.
Smart meters usually are built around a standard microcontroller. \label{sm-cpu}
\subsubsection{Cryptographic coprocessors}
\subsubsection{Physical structure}
\subsubsection{Physical installation}
To the customer the utility of a smart meter is largely limited to the convenience of being able to read it without
going to the basement. In the long term it is said that there will be second-order savings to the customer since
electricity prices adapting to the market situation along with this convenience will lead them to consume less
electricity and to consume it in a way that is more amenable to utilities, both leading to reduced cost. % FIXME citation
Traditional Ferraris counters with their distinctive rotating aluminium disc are simple electromechanical devices. Since
it does not include any failure-prone semiconductors or other high technology a cheap Ferraris-style meter can easily
last decades. In contrast to this, smart meters are complex high technology. They are vastly more expensive to develop
in the first place since they require the development and integration of large amounts of complex, custom firwmare. Once
deployed, their lifetime is severely limited by this very complexity. Complex semiconductor devices tend to fail, and
firmware that needs to communicate with the outside world tends to not age well. % FIXME citation
This combination of higher unit cost and lower expected lifetime leads to grossly increased costs per household. This
cost is usually shared between utility and customer. % FIXME citation
As part of its smart metering rollout the German government in 2013 had a study conducted on the economies of smart
meter installations. This study came to the conclusion that for the majority of households computerizing an existing
ferraris meter is uneconomical. For larger consumers or new installations the higher cost of installation over time is
offset by the resulting savings in electricity cost\cite{bmwi03}.
\subsection{Human-Computer Interaction aspects of smart meter technology}
% TODO the following paragraph uses "us" a bunch. Is that ok?
A fundamental aspect in realizing the cost and energy savings promised by the smart metering revolution is that it
requires a paradigm shift in consumer interaction. Previously most consumers would only confront their energy use when
their monthly or yearly electricity bill arrived. All of the cost savings smart meters promise over traditional metering
infrastructure\footnote{
We are excluding savings from Demand-Side Response (DSR) implemented through smart meters here: Traditional ripple
control systems already allowed for these, and due to the added cost of high-power relays many smart meters do not
include such features.
} critically depend on the consumer regularly interacting with the meter through an in-home display or app. We live in
an era where our attention is already highly contested. A myriad of apps and platforms compete for our attention through
our smart phones and other devices. Introducing an entirely new service into this already complex battleground is a large
endeavour. On the one hand it is not clear how this new service would compete with everything else. On the other hand if
it does manage to capture our attention and lead us to modify our behavior, what are the side effects? For instance,
does an in-home display increase financial anxiety in economically disadvantaged customers?
Human Computer Interaction research has touched the topic of smart metering several times and has many insights to offer
for technologists\cite{pierce01,rodden01,lupton01,costanza01,fell01}.
% FIXME continue this.
\subsection{Common components}
\label{sm-cpu} Smart meters usually are built around an off-the-shelf microcontroller. Some meters use specialized smart
metering SOCs\cite{ifixit01} while others use standard microcontrollers with core metering functions implemented in
external circuitry (cf.\ sec.\ \ref{sec-easymeter} where we detail the meter in our demonstration setup). Specialized
SoCs usually contain a segment LCD driver along with some high-resolution analog-to-digital converters for the actual
measurement functions. In many smart meter designs used outside of Germany the metering SoC will be connected to another
full-featured SoC acting as the MODEM. At a casual glance this might seem to be a security measure, but it may be more
likely that this is done to ease integration of one metering platform with several different communication stacks (e.g.\
proprietary sub-gigahertz wireless, powerline communication (PLC) or ethernet). In these architectures there is a clear
line of functional demarcation between the metering SoC and the MODEM. As evidenced by over-the-air software update
functionality (see e.g.\ \textcite{honeywell01}) this does not however extend to an actual security boundary.
Energy usage is calculated by measuring both voltage and current at high resolution and then integrating the
measurements. Current measurements are usually made with either a current transformer or a shunt in a four-wire
configuration. Voltage is measured by dividing input AC down with a resistor chain. Both are integrated digitally using
the MCU's time base as a reference.
Whereas legacy electromechanical energy meters only provided a display of aggregate energy use through a decimal counter
as well as an indirect indication of power through a rotating wheel one of the selling points of smart meters is their
ability to calculate advanced statistics on energy use. These statistics are supposed to help customers better target
energy conservation measures though evidence of this happening is scarce. % FIXME strong citation here plz!
In addition to the pure measurement and data aggregation functions in many deployments % FIXME citation. EU white paper?
smart meters perform two additional functions. One is to serve as a gateway between the utility company's control
systems and large controllable loads in the consumer's household for Demand-Side Management (DSM). % FIXME citation
In DSM the utility company can control when exactly a high-power device such as a water storage heater is turned on. To
the customer the precise timing does not matter since the storage heater is set so that it has enough hot water in its
reservoir at all times. The utility company however can use this degree of control to reduce load variations during
temporary imbalances such as peaks. The efficiency gains realized with this system translate into lower electricity
prices for DSM-enabled loads for the customer. Traditionally DSM was realized on a local level using ripple control
systems. In ripple control control data is coded by modulating a carrier at a low frequency such as \SI{400}{\hertz} on
top of the regular mains voltage. These systems require high-power transmitters at tens of kilowatts and still can only
bridge regional distances\cite{dzung01}.
Another important additional function is that in some countries some smart meters can be used to remotely disconnect
consumer households with outstanding bills. Using euphemisms such as \emph{Utility Revenue Protection} or the more
cynical \emph{Consumer Empowerment}\cite{kamstrup01} these systems allow an utility company to remotely disconnect a
customer at any time. Whereas before smart metering this required either additional hardware or an expensive site visit
by a qualified technician smart meters have ushered in an era of frictionless control\footnote{
Note that in some countries such as the UK non-networked mechanical prepayment meters did exist. In such systems the
user inserts coins into a coin slot that activates a load switch at the household's main electricity connection.
These systems were non-networked and did not allow for remote control. A disadvantage of such systems compared to
modern \emph{smart} systems are the high cost of the coin acceptor and the overhead of site visits required to empty
the coin box. % FIXME nice citation
}.
\subsection{Cryptographic coprocessors}
Just like in legacy electricity meters in smart meters physical security is still a key component of the overall system
design. Since in both types of meter cost depends on physical quantities being measured at the customer premises
customers can save cost in case they are able to falsify the meter's measurements without being detected. For this
reason both types of meters employ countermeasures against physical intrusion. Compared to high-risk devices such as
card payment processing terminals or ATMs the tamper proofing used in smart meters is only basic. Common measures
include sealing the case by irreversibly ultrasonically welding front and back plastic shells together or the use of
security seals on the lid covering the input/output screw terminals. Low-tech attacks using magnets to saturate the
current transformer's ferrite cores are detected using hall sensors\cite{itron01,hager01,easymeter01}.
German smart metering standards are unique in that they specify the use of a smartcard-like security module to provide
transport encryption and other cryptographic services\cite{bsi-tr-03109-2,bsi-tr-03109-2-a}.
% FIXME compare to other places where things are not as nice
\subsection{Physical structure and installation}
% FIXME
\section{Regulatory frameworks around the world}
% FIXME
\subsection{International standards}
% FIXME
\subsection{The regulatory situation in selected countries}
% FIXME
\subsubsection{Germany}
% FIXME
\subsubsection{France}
% FIXME
\subsubsection{the UK}
% FIXME
\subsubsection{Italy}
% FIXME
\subsubsection{Northern America}
% FIXME
\subsubsection{Japan}
% FIXME
\subsection{Common themes}
% FIXME
\section{Security in smart grids}
The smart grid in practice is nothing more or less than an aggregation of embedded control and measurement devices that
@ -444,7 +695,7 @@ denial-of-service attacks on our system by any of the four attacker types. All r
from the \emph{reset authority} and are cryptographically secured to provide authentication and tamper detection.
Under this model, attacks on the electrical grid components between the \emph{reset authority} and the customer device
degrade into man-in-the-middle attacks. To ensure the \textsc{safety} criterion from \ref{sec_criteria} holds we must
% FIXME check whether this \ref displays as intended
% TODO check whether this \ref displays as intended
make sure our cryptography is secure against man-in-the-middle attacks and we must try to harden the system against
denial-of-service attacks by the attacker types listed above. Given our attacker model we cannot fully guard against
this sort of attack but we can at least choose a commmunication channel that is resilient against denial of service
@ -559,16 +810,16 @@ single transmitter can cover an entire synchronous area. Though the transmitter
of a single large transmitter faces lower bureaucratic hurdles than integration of hundreds of smaller ones into
hundreds of local systems each with autonomous goverance.
\subsubsection{The frequency dependance of grid frequency}
\subsubsection{The frequency dependency of grid frequency}
Despite the awesome complexity of large power grids the physics underlying their response to changes in load and
generation is surprisingly simple. Individual machines (loads and generators) can be approximated by a small number of
differential equations and the entire grid can be modelled by aggregating these approximations into a large system of
linear differential equations. Evaluating these systems it has been found that in large power grids small-signal
steady-state changes in generation/consumption power balance cause a linear change in
frequency\cite{kundur01,entsoe02,entsoe04}. \emph{Small signal} here describes changes in power balance that are small
compared to overall grid power. \emph{Steady state} describes changes over a timeframe of multiple cycles as opposed to
transient events that only last a few milliseconds.
frequency\cite{kundur01,crastan03,entsoe02,entsoe04}. \emph{Small signal} here describes changes in power balance that
are small compared to overall grid power. \emph{Steady state} describes changes over a timeframe of multiple cycles as
opposed to transient events that only last a few milliseconds.
This approximately linear relationship allows the specification of a coefficient linking $\Delta P$ and $\Delta f$ with
unit \si{\watt\per\hertz}. In this thesis we are using the European power grid as our model system. We are
@ -597,7 +848,7 @@ ENTSO-E at around \SI{20}{\giga\watt\per\hertz}. Keeping modulation amplitude be
spuriously triggering these control functions. This works out to an upper bound on modulation power of
\SI{20}{\mega\watt\per\milli\hertz}.
\subsubsection{Practical transmitter implementation}
\subsubsection{An outline of practical transmitter implementation}
In its most basic form a transmitter for grid frequency modulation would be a very large controllable load connected to
the power grid at a suitable vantage point. A spool of wire submerged in a body of cooling water (such as a small lake
@ -652,9 +903,9 @@ one rectifier pulse to the next, i.e. within a fraction of a single cycle.} data
Modern power systems are complex electromechanical systems. Each component is controlled by several carefully tuned
feedback loops to ensure voltage, load and frequency regulation. Multiple components are coupled through transmission
lines that themselves exhibit complex dynamic behavior. The overall system is generally stable, but may exhbit some
instabilities to particular small-signal stimuli. These instabilities, called \emph{modes} occur when due to mis-tuning
of parameters or physical constraints the overall system exhibits oscillation at particular frequencies.
\textcite{kundur01} split these into four categories:
instabilities to particular small-signal stimuli\cite{kundur01,crastan03}. These instabilities, called \emph{modes}
occur when due to mis-tuning of parameters or physical constraints the overall system exhibits oscillation at particular
frequencies. \textcite{kundur01} split these into four categories:
\begin{description}
\item[Local modes] where a single power station oscillates in some parameter
@ -679,9 +930,6 @@ of spectral energy in certain frequency ranges.
% FIXME
\subsubsection{An outline of practical implementation}
% FIXME
\section{From grid frequency to a reliable communications channel}
% FIXME
@ -1438,7 +1686,6 @@ indicates SER is related fairly monotonically to the signal-to-noise margins ins
\end{figure}
\section{Implementation of a demonstrator unit}
%FIXME
To demonstrate the viability of our reset architecture we decided to implement a demonstrator system. In this
demonstrator we use JTAG to reset part of a commodity smart meter from an externally-connected reset controller. The
@ -1451,6 +1698,7 @@ implementation cost low the reset controller is fed a simulation of a modulated
}.
\subsection{Selecting a smart meter for demonstration purposes}
\label{sec-easymeter}
For our demonstrator to make sense we wanted to select a realistic reset target. In Germany where this thesis was
written a standards-compliant setup would consist of a fairly dumb smart meter and a smart meter gateway (SMGW)
@ -1461,8 +1709,8 @@ to the SMGW effectively mitigating any attack vector for remote compormise.
Despite these considerations we still chose to reset the application MCU inside smart meter for two reasons. One is that
SMGWs are much harder to come by on the second-hand market. The other is that SMGWs are a particular feature of the
German standardization landscape and in many other countries the functions of an SMGW are integrated into the meter
itself. % FIXME citation
German standardization landscape and in many other countries functions of an SMGW such as wireless protocol handling are
integrated into the meter itself (see e.g.\ \cite{honeywell01}).
In the end we settled on an Q3DA1002 three-phase 60A meter made by German manufacturer EasyMeter. This meter is typical
of what would be found in an average German household and can be acquired very inexpensively as new old stock on online
@ -1499,6 +1747,8 @@ logic as part of the meter itself\cite{honeywell01,ifixit01}. As an example, the
71M6541 main application microcontroller along with a Texas Instruments CC1000 series radio transceiver and is
advertised to support both over-the-air firmware upgrades and a remotely accessible ``service control switch''.
% TODO add pics of the intact easymeter and of the one with the safety reset0r hooked up
\begin{figure}
\centering
\begin{subfigure}{\textwidth}
@ -1530,7 +1780,7 @@ advertised to support both over-the-air firmware upgrades and a remotely accessi
\end{subfigure}
\caption{
Composite images of the circuit boards inside the EasyMeter Q3DA1002 "smart" electricity meter used in our
Composite images of the circuit boards inside the EasyMeter Q3DA1002 ``smart'' electricity meter used in our
demonstration.
}
\label{easymeter_composites}
@ -1581,6 +1831,7 @@ compensated for at the transmitter by selecting appropriate modulation parameter
the receiver by equalization with a matched filter.
\section{Experimental results}
% TODO add some pictures of the finished demo setup in action
% FIXME
\section{Lessons learned}