paper: formulation WIP, update spectrum graph

jaseg 2022-05-06 17:59:15 +02:00
parent 76f34b4839
commit da4afa7354
12 changed files with 136 additions and 113 deletions

View file

@ -85,7 +85,7 @@ if __name__ == '__main__':
continue continue
crc32, payload = unpack_head('I', cobs.decode(data)) crc32, payload = unpack_head('I', cobs.decode(data))
pid, seq, data = unpack_head('xBH', payload) pid, seq, gps_1pps, data = unpack_head('BxHI', payload)
ts = time() ts = time()
# Calculate byte-wise CRC32 # Calculate byte-wise CRC32
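Review bot: The new format string 'BxHI' on the unpack_head line changes the wire layout in two ways at once, moving the pad byte from before pid to after it and adding a 32-bit gps_1pps field, and nothing in these lines would flag a packet that still uses the old 'xBH' header: pid would be read from the old pad byte and gps_1pps from the first four data bytes. Document the header layout in a comment next to this line and reject payloads shorter than the new header before unpacking. If unpack_head hands the format to Python's struct module unchanged, an explicit byte-order prefix such as '<BxHI' would also pin the layout independent of the host's native alignment.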
@ -126,7 +126,7 @@ if __name__ == '__main__':
print() print()
lines_written += 1 lines_written += 1
if lines_written == 80: if lines_written == 50:
lines_written = 0 lines_written = 0
print('\033[2J\033[H', end='') print('\033[2J\033[H', end='')
delta = ts-capture_start delta = ts-capture_start
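Review bot: The screen-clear threshold in `if lines_written == 50:` is a bare magic number that this change only swaps for another one (80 to 50), so it will be wrong again on the next terminal size. Derive it from shutil.get_terminal_size().lines, or at least name it as a module-level constant with a comment saying what it represents.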

View file

@ -1,3 +1,4 @@
(sym_lib_table (sym_lib_table
(lib (name "components")(type "Legacy")(uri "${KIPRJMOD}/components.lib")(options "")(descr "")) (lib (name "components")(type "Legacy")(uri "${KIPRJMOD}/components.lib")(options "")(descr ""))
(lib (name "platform-rescue")(type "Legacy")(uri "${KIPRJMOD}/platform-rescue.lib")(options "")(descr ""))
) )
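Review bot: The added platform-rescue entry in the symbol library table is unrelated to the paper changes named in the commit subject and would be easier to review and revert as its own commit. Also confirm that platform-rescue.lib itself is committed, because the table now points at ${KIPRJMOD}/platform-rescue.lib and KiCad will not be able to load that library for anyone who lacks the file.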

File diff suppressed because one or more lines are too long

View file

@ -19,6 +19,11 @@ all: ${main_tex}.pdf
biber $* biber $*
pdflatex -shell-escape $< pdflatex -shell-escape $<
.PHONY: once
once: safety-reset-paper.tex safety-reset.bib version.tex
biber safety-reset-paper
pdflatex -shell-escape $<
version.tex: ${main_tex}.tex safety-reset.bib version.tex: ${main_tex}.tex safety-reset.bib
echo "${VERSION_STRING}" > $@ echo "${VERSION_STRING}" > $@
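Review bot: The new once target hard-codes safety-reset-paper in both its prerequisite list and the biber call, while the neighbouring rules use ${main_tex}, so renaming the main file would break this target only. Use ${main_tex}.tex and biber ${main_tex} here. The recipe also runs biber before any pdflatex pass, which on a clean tree leaves biber without a .bcf file to read; if the target is meant to work standalone, run pdflatex first, otherwise say in a comment that it assumes a previous full build.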

View file

@ -370,19 +370,6 @@ networks.
\subsection{Characterizing Grid Frequency} \subsection{Characterizing Grid Frequency}
\label{grid-freq-characterization} \label{grid-freq-characterization}
In utility SCADA systems, Phasor Measurement Units (PMUs, also called \emph{synchrophasors}) are used to precisely
measure grid frequency among other parameters. This task is a complicated task since a PMU has to make fast and precise
measurements given a distorted input signal. Details on the inner workings of commercial phasor measurement units are
scarce but there is a large amount of academic research on measurement
algorithms~\cite{narduzzi01,derviskadic01,belega01}.
In our application, we do not need the same level of precision. For the sake of simplicity, we use the universal
frequency estimation approach of Gasior and Gonzalez~\cite{gasior01}. In this algorithm, the windowed input signal is
processed using a Discrete Fourier Transform (DFT), then the signal's fundamental frequency is interpolated by fitting a
wavelet to the largest peak in the DFT result. The bias parameter of this curve fit is an accurate estimation of the
signal's fundamental frequency. This algorithm is similar to the simpler interpolated DFT algorithm referenced by phasor
measurement literature~\cite{borkowski01}.
To collect ground truth measurements for our analysis of grid frequency as a communication channel, we developed a To collect ground truth measurements for our analysis of grid frequency as a communication channel, we developed a
device to safely record mains voltage waveforms. Our system consists of an \texttt{STM32F030F4P6} ARM Cortex M0 device to safely record mains voltage waveforms. Our system consists of an \texttt{STM32F030F4P6} ARM Cortex M0
microcontroller that records mains voltage using its internal 12-bit ADC and transmits measured values through a microcontroller that records mains voltage using its internal 12-bit ADC and transmits measured values through a
@ -392,51 +379,65 @@ grid frequency error of $\SI{50}{\micro\hertz}$. We compared our oven-stabilized
found that over a time span of 20 minutes both stayed stable within 5 ppb of each other, which corresponds to the drift found that over a time span of 20 minutes both stayed stable within 5 ppb of each other, which corresponds to the drift
specification of a typical crystal oven. specification of a typical crystal oven.
In utility SCADA systems, Phasor Measurement Units (PMUs, also called \emph{synchrophasors}) are used to precisely
measure grid frequency among other parameters. Details on the inner workings of commercial phasor measurement units are
scarce but there is a large amount of academic research on measurement. PMUs employ complex signal analysis algorithms
to provide fast and precise measurements even when given a heavily distorted input
signal~\cite{narduzzi01,derviskadic01,belega01}.
In our application, we do not need the same level of precision. For the sake of simplicity, we use the universal
frequency estimation approach of Gasior and Gonzalez~\cite{gasior01}. In this algorithm, the windowed input signal is
processed using a Discrete Fourier Transform (DFT), then the signal's fundamental frequency is interpolated by fitting a
wavelet to the largest peak in the DFT result. The bias parameter of this curve fit is an accurate estimation of the
signal's fundamental frequency. This algorithm is similar to the interpolated DFT algorithm referenced by phasor
measurement literature~\cite{borkowski01}.
\begin{figure} \begin{figure}
\centering \centering
\includegraphics[width=0.8\textwidth]{../notebooks/fig_out/freq_meas_spectrum} \includegraphics[width=0.45\textwidth]{../notebooks/fig_out/freq_meas_spectrum_new}
\caption{The spectrum of grid frequency variations measured over a two-day timespan. The raw spectrum is shown in \caption{The spectrum of grid frequency variations measured over 24 hours. The raw spectrum is shown in gray, and a
gray, and a smoothed spectrum is shown in red. The blue line is inversely proportional to frequency and illustrates smoothed spectrum is shown in red. The blue line is inversely proportional to frequency and illustrates the $1/f$
the $1/f$ nature of the spectrum. Distinctive peaks in the spectrum are marked with red crosses, and their locations nature of the spectrum. Distinctive peaks in the spectrum are marked with red crosses, and their locations
are given on the bottom of the diagram.} are given on the bottom of the diagram.}
\label{fig_freq_spec} \label{fig_freq_spec}
\end{figure} \end{figure}
A number of effects can be seen in our measurement results in Figure~\ref{fig_freq_spec}. Across the frequency range, we Using our grid frequency recorder, we performed a two-day measurement series of grid frequency.
observe a broad $1/f$ noise. Above a period of $\SI{10}{\second}$, this $1/f$ noise dips to a flat noise floor. We Figure~\ref{fig_freq_spec} shows the frequency spectrum of grid frequency over this two-day span. In this spectrum, we
estimate that this low-noise region is caused by the self-regulating effect of loads. %FIXME citation observe a number of features. Across the frequency range, we observe a broad $1/f$ noise. Above a period of
Above a $\SI{10}{\second}$ period, primary control is activated and thus the $1/f$ noise we observe is the result of the $\SI{10}{\second}$, this $1/f$ noise dips to a flat noise floor. We estimate that this low-noise region is caused by the
interaction between primary control and consumer demand. On top of this $1/f$ behavior, the spectrum shows several sharp self-regulating effect of loads. %FIXME citation Above a $\SI{10}{\second}$ period, primary control is activated and
peaks at time intervals with a ``round'' number such as $\SI{10}{\second}$, $\SI{60}{\second}$ or multiples of thus the $1/f$ noise we observe is the result of the interaction between primary control and consumer demand. On top of
$\SI{300}{\second}$. These peaks are due to loads turning on- or off depending on wall-clock time. Besides the narrow this $1/f$ behavior, the spectrum shows several sharp peaks at time intervals with a ``round'' number such as
peaks caused by this effect we can also observe two wider bumps at $\SI{6.3}{\second}$ and $\SI{3.9}{\second}$. These $\SI{10}{\second}$, $\SI{60}{\second}$ or multiples of $\SI{300}{\second}$. These peaks are due to loads turning on- or
bumps closely correlate with continental european synchonous area's oscillation modes at $\SI{0.15}{\hertz}$ (east-west) off depending on wall-clock time. Besides the narrow peaks caused by this effect we can also observe two wider bumps at
and $\SI{0.25}{\hertz}$ (north-south)~\cite{grebe01}. $\SI{7.0}{\second}$ and $\SI{4.7}{\second}$. These bumps closely correlate with continental european synchonous area's
% FIXME measurement results oscillation modes at $\SI{0.15}{\hertz}$ (east-west) and $\SI{0.25}{\hertz}$ (north-south)~\cite{grebe01}.
\section{Grid Frequency Modulation} \section{Grid Frequency Modulation}
In its most basic form a transmitter for grid frequency modulation would be a very large controllable load located A transmitter for grid frequency modulation would be a controllable load of several Megawatt that
centrally within the grid. A spool of wire submerged in a body of cooling liquid such as a small lake along with a is located centrally within the grid. A baseline implementation would be a spool of wire submerged in a body of cooling
thyristor rectifier bank would likely suffice. We can however decrease hardware and maintenance investment even compared liquid (such as a small lake) which is powered from a
to this rather uncultivated solution by repurposing large industrial loads as transmitters. Going through a list of thyristor rectifier bank. Compared to this baseline solution, hardware and maintenance investment can be decreased
energy-intensive industries in Europe~\cite{ec01}, we found that an aluminium smelter would be a good candidate. In by repurposing a large industrial load as a transmitter. Going through a
aluminium smelting, aluminium is electrolytically extracted from alumina solution. High-voltage mains power is list of energy-intensive industries in Europe~\cite{ec01}, we found that an aluminium smelter would be a good candidate.
In aluminium smelting, aluminium is electrolytically extracted from alumina solution. High-voltage mains power is
transformed, rectified and fed into about 100 series-connected electrolytic cells forming a \emph{potline}. Inside these transformed, rectified and fed into about 100 series-connected electrolytic cells forming a \emph{potline}. Inside these
pots alumina is dissolved in molten cryolite electrolyte at about \SI{1000}{\degreeCelsius} and electrolysis is pots alumina is dissolved in molten cryolite electrolyte at about \SI{1000}{\degreeCelsius} and electrolysis is
performed using a current of tens or hundreds of Kiloampère. The resulting pure aluminium settles at the bottom of the performed using a current of tens or hundreds of Kiloampère. The resulting pure aluminium settles at the bottom of the
cell and is tapped off for further processing. cell and is tapped off for further processing.
Aluminium smelters are operated around the clock, and due to the high financial stakes their behavior under power Aluminium smelters are operated around the clock, and due to the high financial stakes their behavior under power
outages has been carefully characterized by the industry. Power outages of tens of minutes up to two hours reportedly do outages has been carefully characterized. Power outages of tens of minutes up to two hours reportedly do
not cause problems in aluminium potlines~\cite{eisma01,oye01}. Recently, even techniques for intentional power modulation not cause problems in aluminium potlines~\cite{eisma01,oye01}. Recently, even techniques for intentional power modulation
without affecting cell lifetime or product quality have been developed to take advantage of variable energy without affecting cell lifetime or product quality have been developed to take advantage of variable energy
prices.~\cite{duessel01,eisma01,depree01}. An aluminium plant's power supply is controlled to constantly keep all prices~\cite{duessel01,eisma01,depree01}. An aluminium plant's power supply is controlled to constantly keep all
smelter cells under optimal operating conditions. Modern power supply systems employ large banks of diodes or SCRs to smelter cells under optimal operating conditions. Modern power supply systems employ large banks of diodes or thyristors to
rectify low-voltage AC to DC to be fed into the potline~\cite{ayoub01}. Potline voltage is controlled through a rectify low-voltage AC to DC to be fed into the potline~\cite{ayoub01}. Potline voltage is controlled through a
combination of a tap changer and a transductor. Individual cell voltages are controlled by changing the physical combination of a tap changer and a transductor. Individual cell voltages are controlled by changing the physical
distance between anode and cathode distance. In this setup, power can be modulated fully electronically. Since this distance between anode and cathode distance. In this setup, power can be electronically modulated using the thyristor
system does not have any mechanical inertia, high modulation rates can reasonably be achieved. rectifier. Since the system does not have any mechanical inertia, high modulation rates are possible.
In~\cite{depree01}, the authors describe a setup where a large Aluminium smelter in continental Europe is used as In~\cite{depree01}, the authors describe a setup where a large Aluminium smelter in continental Europe is used as
primary control reserve for frequency \emph{regulation}. In this setup, a rise time of $\SI{15}{\second}$ was achieved primary control reserve for frequency \emph{regulation}. In this setup, a rise time of $\SI{15}{\second}$ was achieved
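Review bot: In the reflowed spectrum paragraph the `%FIXME citation` comment now sits in the middle of a line, so LaTeX discards the rest of that line and the words "Above a $\SI{10}{\second}$ period, primary control is activated and" vanish from the PDF, leaving a sentence that starts at "thus the $1/f$ noise we observe". Move the FIXME back onto a line of its own. Separately, the new caption says the spectrum was measured over 24 hours while the new body text twice says two days, so one of them needs to change. The added sentence ending in "academic research on measurement." also lost its object when the citation moved to the following sentence.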
@ -444,23 +445,20 @@ to meet the $\SI{30}{\second}$ requirement posed by local standards for primary
authors note that for their system, an energy storage capacity of $\SI{7.7}{\giga\watt\hour}$ is possible if all plants authors note that for their system, an energy storage capacity of $\SI{7.7}{\giga\watt\hour}$ is possible if all plants
of a single operator are used. Given the maximum modulation depth of $\SI{100}{\percent}$ for up to one hour that is of a single operator are used. Given the maximum modulation depth of $\SI{100}{\percent}$ for up to one hour that is
mentioned by the authors, this results in an effective modulation power of $\SI{7.7}{\giga\watt}$. Over a longer mentioned by the authors, this results in an effective modulation power of $\SI{7.7}{\giga\watt}$. Over a longer
timespan of $\SI{48}{\hour}$, they have demonstrated a $\SI{33}{\percent}$ modulation depth which would correspond to timespan of $\SI{48}{\hour}$, they have demonstrated a $\SI{33}{\percent}$ modulation depth which would correspond to a
a modulation power of $\SI{2.5}{\giga\watt}$. modulation power of $\SI{2.5}{\giga\watt}$. We conclude that a modulation of part of an aluminium smelter's power
consumption is possible at no significant production impact and at low infrastructure cost. Aluminium smelters are
From this brief literature review, we conclude that a modulation of part of an aluminium smelter's power consumption already connected to the grid in a way that they do not pose a danger to other nearby consumers when they turn off or on
most likely is possible at no significant production impact and low infrastructure cost (such as for shell heat parts of the plant, as this is commonplace during routine maintenance activities.
exchangers as used in~\cite{depree01}). Aluminium smelters are connected to the grid in a way that they do not pose a
danger to other nearby consumers when they turn off or on parts of the plant, as this is commonplace during routine
maintenance activities. They are very large consumers of electrical power, but they are still small when seen in
relation to the entire grid.
\subsection{Parametrizing Modulation for GFM} \subsection{Parametrizing Modulation for GFM}
Given the grid characteristics we measured using our custom waveform recorder and using a model of our transmitter, we Given the grid characteristics we measured using our custom waveform recorder and using a model of our transmitter, we
can derive parameters for the modulation of our broadcast system. Modulating $\SI{25}{\mega\watt}$ of smelter power can derive parameters for the modulation of our broadcast system. The overall network power-frequency characteristic of
would yield a frequency shift of $\SI{1}{\milli\hertz}$. At an RMS frequency noise of around $\SI{10}{\milli\hertz}$ in the continental European synchronous area is about $\SI{25}{\giga\watt\per\hertz}$~\cite{entsoe02}. Thus, the main
the band around $\SI{1}{\hertz}$, this results in challenging SNR. A second layer of modulation yielding some modulation challenge for a GFM system will be poor SNR due to low transmission power. A second layer of modulation yielding some
gain is necessary to achieve sufficient overall SNR. modulation gain beyond the basic amplitude modulation of the transmitter will be necessary to achieve sufficient overall
SNR.
The grid's frequency noise has significant localized peaks that might interfere with this modulation. Further The grid's frequency noise has significant localized peaks that might interfere with this modulation. Further
complicating things are the oscillation modes. A GFM system must be designed to avoid exciting these modes. However, complicating things are the oscillation modes. A GFM system must be designed to avoid exciting these modes. However,
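Review bot: The rewritten first paragraph of this subsection states the 25 GW/Hz network characteristic and then jumps with "Thus" to poor SNR, but the two numbers that made this step followable (25 MW of smelter power giving a 1 mHz shift, against roughly 10 mHz RMS noise around 1 Hz) were deleted. Keep one sentence that works the shift out from the cited characteristic and names the noise level it is compared with. In the paragraph before it, "We conclude that ... is possible" also drops the earlier "most likely" and the reference to shell heat exchangers; if the stronger wording is intended, the text should say what supports it.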
@ -477,19 +475,19 @@ $\approx\SI{2}{\hertz}$ would complicate frequency measurement at the receiver s
We simulated a proof-of-concept modulator and demodulator using data captured from our grid frequency sensor. Our We simulated a proof-of-concept modulator and demodulator using data captured from our grid frequency sensor. Our
simulations covered a range of parameters in modulation amplitude, DSSS sequence bit depth, chip duration and detection simulations covered a range of parameters in modulation amplitude, DSSS sequence bit depth, chip duration and detection
threshold. Figure~\ref{fig_ser_nbits} shows symbol error rate (SER) as a function of modulation amplitude with Gold threshold. Figure~\ref{fig_ser_nbits} shows our simulation results for symbol error rate (SER) as a function of
sequences of several bit depths. As can be seen, realistic modulation amplitudes are in the range around modulation amplitude with Gold sequences of several bit depths. From these graphs we conclude that the range of
$\SI{1}{\milli\hertz}$. In the continental European synchronous area, this corresponds to a modulation power of practical modulation amplitudes starts at approximately $\SI{1}{\milli\hertz}$, which corresponds to a modulation power
approximately $\SI{25}{\mega\watt}$. Figure~\ref{fig_ser_thf} shows SER against detection threshold relative to of approximately $\SI{25}{\mega\watt}$~\cite{entsoe02}. Figure~\ref{fig_ser_thf} shows SER against detection threshold
background noise. Figure~\ref{fig_ser_chip} shows SER against chip duration for a given fixed symbol length. As expected relative to background noise. Figure~\ref{fig_ser_chip} shows SER against chip duration for a given fixed symbol length.
from looking at our measured grid frequency noise spectrum, performance is best for short chip durations and worsens for As expected from looking at our measured grid frequency noise spectrum, performance is best for short chip durations and
longer chip durations since shorter chip durations move our signals' bandwidth into the lower-noise region from worsens for longer chip durations since shorter chip durations move our signals' bandwidth into the lower-noise region
$\SI{0.2}{\hertz}$ to $\SI{2}{\hertz}$. from $\SI{0.2}{\hertz}$ to $\SI{2}{\hertz}$.
%FIXME introduce term "chip" somewhere %FIXME introduce term "chip" somewhere
\begin{figure} \begin{figure}
\centering \centering
\includegraphics[width=0.6\textwidth]{../notebooks/fig_out/dsss_gold_nbits_overview} \includegraphics[width=0.4\textwidth]{../notebooks/fig_out/dsss_gold_nbits_overview}
\caption{Symbol Error Rate as a function of modulation amplitude for Gold sequences of several lengths.} \caption{Symbol Error Rate as a function of modulation amplitude for Gold sequences of several lengths.}
\label{fig_ser_nbits} \label{fig_ser_nbits}
\end{figure} \end{figure}
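Review bot: In the rewritten results sentence the 25 MW figure lost its qualifier "In the continental European synchronous area", and the citation to entsoe02 alone does not tell the reader that the conversion only holds for that grid. Restore the qualifier or refer back to the subsection where the power-frequency characteristic is introduced. The paragraph also still relies on "chip duration" while the FIXME about introducing the term "chip" directly below it remains open.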
@ -510,8 +508,9 @@ $\SI{0.2}{\hertz}$ to $\SI{2}{\hertz}$.
\label{fig_ser_chip} \label{fig_ser_chip}
\end{figure} \end{figure}
\subsection{Parametrizing a proof-of-concept "Safety Reset" System Based on GFM} \subsection{Parametrizing a proof-of-concept ``Safety Reset'' System Based on GFM}
%FIXME introduce scenario
Taking these modulation parameters as a starting point, we proceeded to create a proof-of-concept smart meter emergency Taking these modulation parameters as a starting point, we proceeded to create a proof-of-concept smart meter emergency
reset system. On top of the modulation described in the previous paragraphs we layered simple Reed-Solomon error reset system. On top of the modulation described in the previous paragraphs we layered simple Reed-Solomon error
correction~\cite{mackay01} and some cryptography. The goal of our PoC cryptographic implementation was to allow the correction~\cite{mackay01} and some cryptography. The goal of our PoC cryptographic implementation was to allow the
@ -624,20 +623,30 @@ expect safety reset controllers to be commercially viable given adequate politic
\section{Conclusion} \section{Conclusion}
\label{sec_conclusion} \label{sec_conclusion}
In this paper we have developed an end-to-end design of a reset system to restore smart meters to a safe operating state During an emergency in the electrical grid, the ability to communicate to large numbers of end-point devices is a
during an ongoing large-scale cyberattack. To allow our system to be triggered even in the middle of a cyberattack we valuable tool for restoring normal operation. When a resilient communcation channel is available, loads such as smart
have developed a broadcast data transmission system based on intentional modulation of global grid frequency. We have meters and IoT devices can be equipped with a supervisor circuit that allows for a remote ``safety reset'' that puts the
shown the viability of our end-to-end design through simulations. To put these simulations on a solid foundation we have device into a safe operating state. Using this safety reset, an attacker that uses compromised smart meters or IoT
developed a grid frequency measurement methodology comprising of a custom-designed hardware device for electrically safe devices to attack grid stability can be interrupted before the conculusion of their attack. During recover from an
data capture and a set of software tools to archive and process captured data. Our simulations show good behavior of our outage, a safety reset can be used to reduce stress on the system during a black start by turning of non-essential loads
broadcast communication system and give an indication that cooperating with a large consumer such as an aluminium smelter such as air conditioners.
would be a feasible way to set up a transmitter with low hardware overhead. We have outlined a simple cryptographic
protocol ready for embedded implementation in resource-constrained systems that allows triggering a safety reset with a In this paper we have developed an end-to-end design of a safety reset system that provides these capabilities. Our
response time of less than 30 minutes. We have experimentally validated our system using simulated grid frequency data novel broadcast data transmission system is based on intentional modulation of global grid frequency. Our system is
in a demonstrator setup based on a commercial microcontroller as our safety reset controller and an off-the-shelf smart independent of normal communication networks and can operate during a cyberattack. We have shown the practical viability
meter. The next step in our evaluation will be to conduct an experimental evaluation of our modulation scheme in of our end-to-end design through simulations. Using our purpose-designed grid frequency recorder, we can capture and
collaboration with an utility and an operator of a multi-megawatt load. Source code and electronics CAD designs are process real-time grid frequency data in an electrically safe way. We used data captured this way as the basis for
available at the public repository listed at the end of this document. simulations of our proposed grid frequency modulation communication channel. In these simulations, our system has proven
feasible. From our simulations we conclude that a large consumer such as an aluminium smelter at a small cost can be
modified to act as an on-demand grid frequency modulation transmitter.
We have demonstrated our modulation system in a small-scale practical demonstration. For this demonstration, we have
developed a simple cryptographic protocol ready for embedded implementation in resource-constrained systems that allows
triggering a safety reset with a response time of less than 30 minutes. In this demonstration we use simulated grid
frequency data to trigger a commercial microcontroller to perform a firmware reset of an off-the-shelf smart meter. The
next step in our evaluation will be to conduct an experimental evaluation of our modulation scheme in collaboration with
an utility and an operator of a multi-megawatt load. Source code and electronics CAD designs are available at the
public repository listed at the end of this document.
\printbibliography[heading=bibintoc] \printbibliography[heading=bibintoc]
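Review bot: The new conclusion needs a proofreading pass: "communcation", "conculusion", "During recover from an outage" and "turning of non-essential loads" are all in the added first paragraph. "In these simulations, our system has proven feasible" and "small-scale practical demonstration" also read stronger than the setup described two sentences later, which still feeds simulated grid frequency data to the microcontroller; wording such as "our simulations indicate" would match the evidence.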