paper: Reword part of intro
parent 36552f3174
commit a9e12eb9f1
1 changed files with 30 additions and 23 deletions
|
|
@ -57,31 +57,34 @@ the last years. Smart Grid security has two major components: The security of ce
|
|||
of equipment at the consumer premises such as smart meters and IoT devices. While there is previous work on both sides,
|
||||
their interactions have not yet received much attention.
|
||||
|
||||
In this paper, we consider the previously proposed scenario where a large number of compromised consumer devices is used
|
||||
alone or in conjunction with an attack on the grid's central SCADA systems to destabilize the grid by rapidly modulating
|
||||
the total connected load~\cite{ctap+11,wu01,zlmz+21,kgma21,smp18,hcb19}. Several devices have been identified as likely
|
||||
targets for such an attack including smart meters with integrated remote disconnect switches~\cite{ctap+11,anderson01},
|
||||
large IoT-connected appliances~\cite{smp18,hcb19,chl20,olkd20} and electric vehicle
|
||||
chargers~\cite{kgma21,zlmz+21,olkd20}. Such attacks are hard to mitigate, and existing literature focuses on hardening
|
||||
grid control systems~\cite{kgma21,lzlw+20,lam21,zlmz+21} and device firmware\cite{mpdm+10,smp18,zb20,yomu+20} to prevent
|
||||
compromise. Despite the infeasibility of perfect firmware security, there is little research on \emph{post-compromise}
|
||||
mitigation approaches. A core issue with post-attack mitigation is that network connections such as internet and
|
||||
cellular networks between the utility and devices on consumer premises may not work due to the attack. Thus, mitigation
|
||||
strategies that involve devices on the consumer premises will need an out-of-band communication channel.
|
||||
We consider the previously proposed scenario where a large number of compromised consumer devices is used alone or in
|
||||
conjunction with an attack on the grid's central SCADA systems to destabilize the grid by rapidly modulating the total
|
||||
connected load~\cite{ctap+11,wu01,zlmz+21,kgma21,smp18,hcb19}. Several devices have been identified as likely targets
|
||||
for such an attack including smart meters with integrated remote disconnect switches~\cite{ctap+11,anderson01}, large
|
||||
IoT-connected appliances~\cite{smp18,hcb19,chl20,olkd20} and electric vehicle chargers~\cite{kgma21,zlmz+21,olkd20}.
|
||||
Such attacks are hard to mitigate, and existing literature focuses on hardening grid control
|
||||
systems~\cite{kgma21,lzlw+20,lam21,zlmz+21} and device firmware\cite{mpdm+10,smp18,zb20,yomu+20} to prevent compromise.
|
||||
Despite the infeasibility of perfect firmware security, there is little research on \emph{post-compromise} mitigation
|
||||
approaches. A core issue with post-attack mitigation is that network connections such as internet and cellular networks
|
||||
between the utility and devices on consumer premises may not work due to the attack. Thus, mitigation strategies that
|
||||
involve devices on the consumer premises will need an out-of-band communication channel.
|
||||
|
||||
We propose a \emph{safety reset} controller that is controlled through a novel, resilient, grid-wide powerline
|
||||
communication technique. Our safety reset controller can be fitted into any Smart Meter or IoT device. Its purpose is to
|
||||
await an out-of-band command to put the device into a safe state (e.g. \emph{relay on} or \emph{light on}) that
|
||||
interrupts attacker control over the device. The safety reset controller is separated from the system's main application
|
||||
controller and does not have any conventional network connections to reduce attack surface and cost.
|
||||
In this paper, we propose a novel, resilient, grid-wide communication technique based on \empH{grid frequency
|
||||
modulation} (GFM) that can be used to broadcast short messages to all devices connected to the electrical grid. The grid
|
||||
frequency modulation channel is robust and can be used even during an ongoing attack. Based on our channel we propose
|
||||
the \emph{safety reset} controller, an attack mitigation technique that is compatible with most smart meter and IoT
|
||||
device designs. A safety reset controller is a separate controller integrated to the device that awaits an out-of-band
|
||||
reset command transmitted through GFM. Upon reception of the reset command, it puts the device into a safe state (e.g.
|
||||
\emph{relay on} or \emph{light on}) that interrupts attacker control over the device. The safety reset controller is
|
||||
separated from the system's main application controller and itself does not have any conventional network connections to
|
||||
reduce attack surface and cost.
|
||||
|
||||
To facilitate resilient communication between the grid operator and the safety reset controller, we propose a grid-wide
|
||||
broadcast channel based on grid frequency modulation (GFM). This channel can be operated by transmission system
|
||||
operators (TSOs) even during black-start recovery procedures and it bridges the gap between the TSO's private control
|
||||
network and consumer devices that can not economically be equipped with other resilient communication techniques such as
|
||||
satellite transceivers. To demonstrate our proposed channel, we have implemented a system that transmits error-corrected
|
||||
and cryptographically secured commands through an emulated grid frequency-modulated voltage waveform to an off-the-shelf
|
||||
smart meter equipped with a prototype safety reset controller based on a small off-the-shelf microcontroller.
|
||||
The grid frequency modulation channel can be operated by transmission system operators (TSOs) even during black-start
|
||||
recovery procedures and it bridges the gap between the TSO's private control network and consumer devices that can not
|
||||
economically be equipped with other resilient communication techniques such as satellite transceivers. To demonstrate
|
||||
our proposed channel, we have implemented a system that transmits error-corrected and cryptographically secured commands
|
||||
through an emulated grid frequency-modulated voltage waveform to an off-the-shelf smart meter equipped with a prototype
|
||||
safety reset controller based on a small off-the-shelf microcontroller.
|
||||
|
||||
The frequency behavior of the electrical grid can be analyzed by examining the grid as a large collection of mechanical
|
||||
oscillators coupled through the grid via the electromotive force~\cite{rogers01,wcje+12}. The generators and motors that
|
||||
|
|
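Review bot: The rewritten contribution paragraph introduces `\empH{grid frequency modulation}`, and because LaTeX control sequences are case-sensitive this is an undefined macro that will stop the build; it should be `\emph{grid frequency modulation}`. Smaller points in the same hunk: `device firmware\cite{mpdm+10,smp18,zb20,yomu+20}` still lacks the `~` tie that every other citation in this passage uses, "integrated to the device" should read "integrated into the device", and "can not economically" should be "cannot economically". The commit is described as a rewording, so it would help to state in the commit message that the GFM channel is now introduced before the safety reset controller, since that reorders the paper's stated contributions.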
@ -720,6 +723,10 @@ commercially viable.
|
|||
|
||||
Source code and EDA designs are available at the public repository listed at the end of this document.
|
||||
|
||||
\begin{acks}
|
||||
This work has been co-funded by the LOEWE initiative (Hesse, Germany) within the emergenCITY center.
|
||||
\end{acks}
|
||||
|
||||
\bibliographystyle{plain}
|
||||
\bibliography{\jobname}
|
||||
|
||||
|
|
|
|||
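Review bot: The new `\begin{acks}` ... `\end{acks}` block relies on an environment that the standard LaTeX classes do not define; it comes from the `acmart` class, and the document class is not visible in this hunk. If the paper is built with `acmart`, note that the class omits the `acks` content in its anonymous review mode, and that `\bibliographystyle{plain}` directly below is not the style `acmart` normally expects. If it is built with another class, replace the environment with an unnumbered acknowledgments section so the build does not fail on an undefined environment.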