jaseg/safety-reset
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compress paper into strict 10 pg limit

Browse source
This commit is contained in:
jaseg 2022-10-06 16:49:10 +02:00
parent 713564b829
commit 319d4a7f9c
3 changed files with 123 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
paper/flowchart.pdf
View file

Binary file not shown.

109
paper/flowchart.svg
View file

@ -2,12 +2,12 @@
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="73.642357mm"
height="64.569092mm"
viewBox="0 0 73.642357 64.569092"
width="131.0421mm"
height="21.495766mm"
viewBox="0 0 131.0421 21.495766"
version="1.1"
id="svg5"
inkscape:version="1.1 (c4e8f9ed74, 2021-05-24)"
inkscape:version="1.2.1 (9c6d41e410, 2022-07-14, custom)"
sodipodi:docname="flowchart.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
@ -29,15 +29,15 @@
inkscape:object-paths="true"
inkscape:snap-smooth-nodes="true"
inkscape:snap-global="false"
inkscape:zoom="3.0574005"
inkscape:cx="150.12754"
inkscape:cy="162.5564"
inkscape:window-width="2173"
inkscape:window-height="1573"
inkscape:window-x="2485"
inkscape:window-y="245"
inkscape:window-maximized="0"
inkscape:current-layer="layer2"
inkscape:zoom="4.3238173"
inkscape:cx="171.60762"
inkscape:cy="22.896435"
inkscape:window-width="3840"
inkscape:window-height="2091"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="layer1"
showguides="false"
fit-margin-top="3"
fit-margin-left="3"
@ -46,7 +46,9 @@
showborder="true"
units="mm"
lock-margins="true"
borderlayer="true" />
borderlayer="true"
inkscape:showpageshadow="2"
inkscape:deskcolor="#d1d1d1" />
<defs
id="defs2">
<rect
@ -84,17 +86,17 @@
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-15.310265,-14.455001)">
transform="translate(-16.855997,-22.893207)">
<rect
style="fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="rect9475"
width="91.448166"
width="150.64792"
height="82.638519"
x="5.2928662"
x="5.2928667"
y="7.8876767" />
<g
id="g8024"
transform="translate(49.567338,-3.9821704)">
transform="translate(126.13798,-33.292455)">
<path
id="use7208"
style="fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.297093;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
@ -122,7 +124,7 @@
</g>
<g
id="g2866"
transform="translate(5.6025171,2.5388793)">
transform="translate(3.2776964,11.150229)">
<rect
style="fill:#000000;stroke:none;stroke-width:0.132292;stop-color:#000000"
id="rect846"
@ -397,7 +399,7 @@
</g>
<g
id="g4557"
transform="translate(1.7320415)">
transform="translate(-3.158304,5.4382063)">
<path
id="path2901"
style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
@ -436,7 +438,7 @@
</g>
<g
id="g4557-2"
transform="translate(14.766767,8.8851365)">
transform="translate(10.22469,7.8001723)">
<path
id="path2901-8"
style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
@ -475,7 +477,7 @@
</g>
<g
id="g2203"
transform="translate(1.3449329,-0.86064309)">
transform="translate(-3.1118099,-1.7943002)">
<rect
style="fill:#000000;stroke:none;stroke-width:0.7;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stop-color:#000000"
id="rect4581"
@ -769,7 +771,7 @@
</g>
<g
id="g5542"
transform="matrix(0.44387819,0,0,0.44387819,28.028396,19.994804)">
transform="matrix(0.44387819,0,0,0.44387819,74.113674,6.1034872)">
<g
id="g3526">
<path
@ -866,12 +868,12 @@
y="0"
xlink:href="#g5542"
id="use5544"
transform="translate(-17.260891,6.4288113)"
transform="translate(16.011582,4.7541556)"
width="100%"
height="100%" />
<g
id="g6078"
transform="translate(27.098966,-13.723158)">
transform="translate(107.10903,-48.591882)">
<rect
style="fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.37892;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="rect5854"
@ -917,7 +919,8 @@
</g>
<g
id="g7086"
transform="translate(-26.40076,-23.564466)">
transform="translate(-26.40076,-23.564466)"
style="display:inline">
<rect
style="fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.461378;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="rect6696"
@ -951,15 +954,15 @@
inkscape:groupmode="layer"
id="layer2"
inkscape:label="Layer 2"
style="display:inline;mix-blend-mode:screen"
transform="translate(-15.310265,-14.455001)">
style="display:inline;mix-blend-mode:screen;stroke-width:0.748484"
transform="matrix(1.7849846,0,0,1,-26.152629,-22.893207)">
<rect
style="fill:#586276;fill-opacity:1;stroke:none;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
style="fill:#586276;fill-opacity:1;stroke:none;stroke-width:0.374241;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="rect9371"
width="78.648399"
height="71.852043"
x="13.421401"
y="9.7267618"
x="11.66457"
y="10.166819"
rx="0"
ry="0" />
</g>
@ -967,25 +970,26 @@
inkscape:groupmode="layer"
id="layer3"
inkscape:label="Layer 3"
transform="translate(-15.310265,-14.455001)">
transform="translate(-16.855997,-22.893207)"
style="display:inline">
<path
style="fill:#ffcc00;stroke:none;stroke-width:0.151801px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
d="m 41.385234,22.583392 0.36463,0.904354 -0.688353,0.961359 5.126828,-0.281048 -1.198089,6.25764 5.155654,-0.545247 -1.173413,1.277768 2.857932,-1.187651 -1.971426,-1.830066 0.26229,1.289957 -4.125094,0.128922 1.625597,-6.403604 z"
d="m 36.169805,24.463614 0.36463,0.904354 -0.688353,0.961359 5.126828,-0.281048 -1.198089,6.25764 5.155654,-0.545247 -1.173413,1.277768 2.857932,-1.187651 -1.971426,-1.830066 0.26229,1.289957 -4.125094,0.128922 1.625597,-6.403604 z"
id="path2410"
sodipodi:nodetypes="ccccccccccccc" />
<path
style="fill:none;stroke:#cc0000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 58.914011,38.722204 c -2.370898,5.284044 -5.847495,7.731514 -11.383219,4.896464"
d="m 84.144745,30.222721 c -2.370898,5.284044 -5.847495,7.731514 -11.383219,4.896464"
id="path8441"
sodipodi:nodetypes="cc" />
<path
style="fill:none;stroke:#cc0000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 38.075454,43.756421 c -4.177135,5.326658 -12.781728,6.762675 -17.200153,6.383813"
d="m 100.5363,34.018516 c -2.216593,1.669715 -5.570142,-1.53889 -7.02099,-4.65777"
id="path8443"
sodipodi:nodetypes="cc" />
<path
style="fill:none;stroke:#cc0000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 30.551411,49.738753 c 1.086688,6.828773 4.127792,10.263383 7.281748,12.062812"
d="m 109.72726,33.670576 c 2.965,0.830277 4.8719,-0.500685 6.17312,-3.388186"
id="path8445"
sodipodi:nodetypes="cc" />
</g>
@ -993,10 +997,11 @@
inkscape:groupmode="layer"
id="layer4"
inkscape:label="Layer 4"
transform="translate(-15.310265,-14.455001)">
transform="translate(-16.855997,-22.893207)"
style="display:inline">
<g
id="g15403"
transform="translate(2.6052425,14.343918)">
transform="translate(1.1509747,14.257149)">
<circle
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.653;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="path10092"
@ -1010,13 +1015,13 @@
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect10866)"><tspan
x="-28.917969"
y="56.477896"
id="tspan18143"><tspan
id="tspan787"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan18141">1</tspan></tspan></text>
id="tspan785">1</tspan></tspan></text>
</g>
<g
id="g15411"
transform="translate(23.735495,12.857313)">
transform="translate(25.206735,20.345215)">
<circle
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.653;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="circle15405"
@ -1030,13 +1035,13 @@
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect15413)"><tspan
x="-28.917969"
y="56.477896"
id="tspan18147"><tspan
id="tspan791"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan18145">2</tspan></tspan></text>
id="tspan789">2</tspan></tspan></text>
</g>
<g
id="g15411-5"
transform="translate(46.239689,16.01096)">
transform="translate(45.006286,14.134323)">
<circle
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.653;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="circle15405-5"
@ -1050,13 +1055,13 @@
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect15413-1)"><tspan
x="-28.917969"
y="56.477896"
id="tspan18151"><tspan
id="tspan795"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan18149">3</tspan></tspan></text>
id="tspan793">3</tspan></tspan></text>
</g>
<g
id="g15411-6"
transform="translate(12.280177,27.882868)">
transform="translate(78.977383,22.001498)">
<circle
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.653;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="circle15405-56"
@ -1070,13 +1075,13 @@
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect15413-7)"><tspan
x="-28.917969"
y="56.477896"
id="tspan18155"><tspan
id="tspan799"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan18153">4</tspan></tspan></text>
id="tspan797">4</tspan></tspan></text>
</g>
<g
id="g15411-7"
transform="translate(30.411115,42.721095)">
transform="translate(113.31251,7.4801985)">
<circle
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0.653;stroke-linecap:round;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
id="circle15405-4"
@ -1090,9 +1095,9 @@
style="font-size:26.6667px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect15413-3)"><tspan
x="-28.917969"
y="56.477896"
id="tspan18159"><tspan
id="tspan803"><tspan
style="font-family:Bahnschrift;-inkscape-font-specification:Bahnschrift"
id="tspan18157">5</tspan></tspan></text>
id="tspan801">5</tspan></tspan></text>
</g>
</g>
</svg>

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 43 KiB

Before After
Before After

139
paper/safety-reset-paper.tex
View file

@ -50,7 +50,7 @@ Conference}{December 5--9}{Austin, TX, USA}
\city{Tel Aviv}
\country{Israel}
}
\email{lirankat@tau.ac.il}
\email{lirankatzir@tau.ac.il}
\author{Björn Scheuermann}
\affiliation{
@ -196,7 +196,7 @@ modifications.
\begin{figure}
\centering
\includegraphics[width=0.4\textwidth]{flowchart}
\includegraphics[width=0.45\textwidth]{flowchart}
\caption{Structural overview of our concept. 1 - Government authority or utility operations center. 2 - Emergency
radio link. 3 - Aluminium smelter. 4 - Electrical grid. 5 - Target smart meter.}
\Description{A schematic overview of the safety reset system with its parts represented by icons. A signal is sent
@ -394,8 +394,6 @@ communication for smart meter reading~\cite{ec03,rs48,gungor01,agf16}.
\section{Related work}
\label{sec_related_work}
\subsection{IoT and Smart Grid security}
The security of IoT devices as well as the smart grid has received extensive attention in the
literature~\cite{nbck+19,acsc20,smp18,ykll17,anderson01,anderson02,zlmz+21,kgma21,hcb19,mpdm+10,lzlw+20,chl20,lam21,olkd20,yomu+20}.
The challenges of IoT device security and the security of smart meters and other smart grid devices are similar because
@ -612,30 +610,29 @@ distance between anode and cathode. In this setup, power can be electronically
Since the system does not have any mechanical inertia, high modulation rates are possible.
In~\cite{depree01}, the authors describe a setup where a large Aluminium smelter in continental Europe is used as
primary control reserve for frequency regulation. In this setup, a rise time of $\SI{15}{\second}$ was achieved to meet
the $\SI{30}{\second}$ requirement posed by local standards for primary control. In their conclusion, the authors note
that for their system, an effective thermal energy storage capacity of $\SI{7.7}{\giga\watt\hour}$ is possible if all
plants of a single operator are used. Given the maximum modulation depth of $\SI{100}{\percent}$ for up to one hour that
is mentioned by the authors, this results in an effective modulation power of $\SI{7.7}{\giga\watt}$. Over a longer
time span of $\SI{48}{\hour}$, they have demonstrated a $\SI{33}{\percent}$ modulation depth which would correspond to a
modulation power of $\SI{2.5}{\giga\watt}$. We conclude that a modulation of part of an aluminium smelter's power
consumption is possible at no significant production impact and at low infrastructure cost. Aluminium smelters are
already connected to the grid in a way that they do not pose a danger to other nearby consumers when they turn off or on
parts of the plant, as this is commonplace during routine maintenance activities.
primary control reserve for frequency regulation. Their system achieved a rise time of $\SI{15}{\second}$, meeting the
local $\SI{30}{\second}$ requirement for primary control. The authors calculated that their system can provide an
equivalent thermal energy storage capacity of $\SI{7.7}{\giga\watt\hour}$ using all plants of a single operator. At the
maximum modulation depth of $\SI{100}{\percent}$ for up to one hour that the paper cites, the resulting effective
modulation power is $\SI{7.7}{\giga\watt}$. Over a longer time span of $\SI{48}{\hour}$, they have demonstrated a
$\SI{33}{\percent}$ modulation depth which would correspond to a modulation power of $\SI{2.5}{\giga\watt}$. The
experiment from~\cite{depree01} shows that a modulation of part of an aluminium smelter's power consumption is possible
at no significant production impact and at low infrastructure cost. Aluminium smelters are already connected to the grid
in a way that they do not pose a danger to other nearby consumers when they turn off or on parts of the plant, as this
is commonplace during routine maintenance activities.
\subsection{The operational model of a GFM-based safety reset}
\subsection{Operating a GFM safety reset}
While a single large Aluminium smelter could conceivably provide sufficient modulation power to cover the entire
continental European synchronous area, we have to consider operation during a black start, when the grid temporarily
divides into a number of disconnected power islands. A single transmitter would only be able to reach receivers on the
same power island.
To alleviate this constraint, the system can use a number of transmitters that are distributed throughout the network.
Piggy-backing transmitters on existing industrial loads keeps the implementation cost of additional transmitters low. By
running transmitters from stable, synchronized frequency standards such as gps-disciplined rubidium standards,
transmissions can be precisely synchronized across power islands even after a holdover period of several days. This
allows a transmission to continue uninterrupted while the utility rejoins power island into the larger grid, since the
transmissions on both islands are precisely synchronized.
To alleviate this constraint, a number of smaller transmitters throughout the network can be synchronized to act in
unison. Using existing industrial loads keeps the implementation cost of additional transmitters low. GPS-disciplined
frequency standards can keep transmissions synchronized across power islands even after a holdover period of several
days. When the utility rejoins power islands into the larger grid, the synchronized transmissions will constructively
interfere.
As illustrated in Figure~\ref{fig_intro_flowchart}, the transmitters are connected to a command center. For this
connection, a redundant set of long-range radio or satellite links can be used, as well as wired connections through the
@ -709,7 +706,7 @@ durations move our signals' bandwidth into the lower-noise region from $\SI{0.2}
\begin{figure}
\centering
\includegraphics[width=0.45\textwidth]{../notebooks/fig_out/dsss_gold_nbits_overview}
\includegraphics[width=0.3\textwidth]{../notebooks/fig_out/dsss_gold_nbits_overview}
\caption{Symbol Error Rate as a function of modulation amplitude for Gold sequences of several lengths.}
\Description{A plot of symbol error rate versus amplitude in millihertz. The plot shows four lines, one each for 5
bit, 6 bit, 7 bit and 8 bit. All four lines form smooth step functions, plateauing at a symbol error rate of 1.0 for
@ -765,7 +762,7 @@ durations move our signals' bandwidth into the lower-noise region from $\SI{0.2}
\label{fig_ser_chip}
\end{figure}
\subsection{Parameterizing a proof-of-concept ``Safety Reset'' System Based on GFM}
\subsection{Parameterizing a PoC GFM ``Safety Reset''}
%FIXME introduce scenario
Taking these modulation parameters as a starting point, we proceeded to create a proof-of-concept smart meter emergency
@ -832,7 +829,7 @@ without triggering them to reset.
\begin{figure}
\centering
\includegraphics[width=0.45\textwidth]{prototype.jpg}
\includegraphics[width=0.35\textwidth]{prototype.jpg}
\caption{The completed prototype setup. The board on the left is the safety reset microcontroller. It is connected
to the smart meter in the middle through an adapter board. The top left contains a USB hub with debug interfaces to
the reset microcontroller. The cables on the bottom left are the debug USB cable and the \SI{3.5}{\milli\meter}
@ -854,6 +851,19 @@ connected to the main application microcontroller of a smart meter. The reset co
authenticated reset commands on the voltage waveform, and on reception of such a command resetting the smart meter
application controller by flashing a known-good firmware image to its memory.
For our proof of concept, before settling on the commercial smart meter we first tried to use an \texttt{EVM430-F6779}
smart meter evaluation kit made by Texas Instruments. This evaluation kit did not turn out well for two main reasons.
One, it shipped with half the case missing and no cover for the high-voltage terminal blocks. Because of this some work
was required to get it electrically safe. The second issue we ran into was that the development board is based around a
specific microcontroller from TI's \texttt{MSP430} series that is incompatible with common JTAG programmers.
Our initial assumption that a development kit would be easier to program than a commercial meter did not prove to be
true. Contrary to our expectations the commercial meter had JTAG enabled allowing us to easily read out its stock
firmware requiring neither reverse-engineering vendor firmware update files nor circumventing code protection measures.
The fact that its firmware was only available in its compiled binary form was not much of a hindrance as it proved not
to be too complex and all we wanted to know we found with just a few hours of digging in
Ghidra\footnote{\url{https://ghidra-sre.org/}}.
The signal processing chain of our PoC is shown in Figure~\ref{fig_demo_sig_schema}. To interoperate with existing
implementations of SHA-512 and reed-solomon decoding, this implementation was written in the C programming language. To
demonstrate an application close to a field implementation, we chose an Easymeter \texttt{Q3DA1002} smart meter as our
@ -888,11 +898,17 @@ the meter's display after boot-up.
To measure grid frequency in our demonstrator, we ported the same code we used in
Section~\label{grid-freq-characterization} to our demonstrator, again using the voltage measured using the
microcontroller's internal ADC but using a regular crystal instead of a crystal oven for the microcontroller's system
clock. Since we did not have an aluminium smelter ready, we decided to feed our proof-of-concept reset controller with
an emulated grid voltage sine wave from a computer's headphone jack. Where in a real application this microcontroller
would take ADC readings of input mains voltage divided down by a long resistive divider chain, we instead feed the ADC
from a $\SI{3.5}{\milli\meter}$ audio input. For operational safety, we disconnected the meter microcontroller from its
grid-referenced capacitive dropper power supply and connected it to our reset controller's debug USB power supply.
clock. We decided to feed our proof-of-concept reset controller with an emulated grid voltage sine wave from a
computer's headphone output. Where in a real application this microcontroller would take ADC readings of input mains
voltage divided down by a long resistive divider chain, we instead feed the ADC from a $\SI{3.5}{\milli\meter}$ audio
input. For operational safety, we disconnected the meter microcontroller from its grid-referenced capacitive dropper
power supply and connected it to our reset controller's debug USB power supply.
In the firmware development phase of our proof of concept, we tested every module such as DSSS demodulator, Reed-Solomon
decoder, or grid frequency estimation individually. This approach proved very useful for debugging. The modular
architecture allowed us to directly compare our demodulator implementation to our Jupyter/Python prototype, where we
found that our C implementation outperformed the Python prototype. Despite the algorithms's complexity, the
microcontroller C implementation has no issues processing data in real-time due to the low sampling rate necessary.
We performed several successful experiments using a signature truncated at 120 bit and a 5 bit DSSS sequence. Taking the
sign bit into account, the length of the encoded signature is 20 DSSS symbols. On top of this we used Reed-Solomon error
@ -901,49 +917,6 @@ other simulations as well this equates to an overall transmission duration of ap
the demodulator some time to settle and to produce more realistic conditions of signal reception we padded the modulated
signal with unmodulated noise on both ends.
\section{Lessons learned}
For our proof of concept, before settling on the commercial smart meter we first tried to use an \texttt{EVM430-F6779}
smart meter evaluation kit made by Texas Instruments. This evaluation kit did not turn out well for two main reasons.
One, it shipped with half the case missing and no cover for the high-voltage terminal blocks. Because of this some work
was required to get it electrically safe. Even after mounting it in an electrically safe manner the safety reset
controller prototype would also have to be galvanically isolated to not pose an electrical safety risk since the main
MCU is not isolated from the grid and the JTAG port is also galvanically coupled. The second issue we ran into was that
the development board is based around a specific microcontroller from TI's \texttt{MSP430} series that is incompatible
with common JTAG programmers.
Our initial assumption that a development kit would be easier to program than a commercial meter did not prove to be
true. Contrary to our expectations the commercial meter had JTAG enabled allowing us to easily read out its stock
firmware requiring neither reverse-engineering vendor firmware update files nor circumventing code protection measures.
The fact that its firmware was only available in its compiled binary form was not much of a hindrance as it proved not
to be too complex and all we wanted to know we found with just a few hours of digging in
Ghidra\footnote{\url{https://ghidra-sre.org/}}.
In the firmware development phase we tested every module such as DSSS demodulator, Reed-Solomon decoder, or grid
frequency estimation individually. This approach proved particularly useful for debugging. The modular architecture
allowed us to directly compare our demodulator implementation to our Jupyter/Python prototype, where we found that our C
implementation outperformed the Python prototype. Despite the algorithms's complexity, the microcontroller C
implementation has no issues processing data in real-time due to the low sampling rate necessary.
\section{Conclusion}
\label{sec_conclusion}
In this paper we have developed an end-to-end design for a safety reset system that provides these capabilities.
Our novel broadcast data transmission system is based on intentional modulation of global grid frequency. Our system is
independent of normal communication networks and can operate during a cyber attack. We have shown the practical
viability of our end-to-end design through simulations. Using our purpose-designed grid frequency recorder, we can
capture and process real-time grid frequency data in an electrically safe way. We used data captured this way as the
basis for simulations of our proposed grid frequency modulation communication channel. In these simulations, our system
has proven feasible. From our simulations we conclude that a large consumer such as an aluminium smelter at a small cost
can be modified to act as an on-demand grid frequency modulation transmitter.
We have demonstrated our modulation system in a small-scale practical demonstration. For this demonstration, we have
developed a simple cryptographic protocol ready for embedded implementation in resource-constrained systems that allows
triggering a safety reset with a response time of less than 30 minutes. In this demonstration we use simulated grid
frequency data to trigger a commercial microcontroller to perform a firmware reset of an off-the-shelf smart meter. The
next step in our evaluation will be to conduct an experimental evaluation of our modulation scheme in collaboration with
an utility and an operator of a multi-megawatt load.
\subsection{Discussion}
During an emergency in the electrical grid, the ability to communicate to large numbers of end-point devices is a
@ -967,7 +940,27 @@ a practical demonstration of broadcast data transmission through grid frequency
controllable load as well as further optimization of the modulation and data encoding and the demodulator
implementation.
\subsection{Artifacts}
\section{Conclusion}
\label{sec_conclusion}
In this paper we have developed an end-to-end design for a safety reset system that provides these capabilities.
Our novel broadcast data transmission system is based on intentional modulation of global grid frequency. Our system is
independent of normal communication networks and can operate during a cyber attack. We have shown the practical
viability of our end-to-end design through simulations. Using our purpose-designed grid frequency recorder, we can
capture and process real-time grid frequency data in an electrically safe way. We used data captured this way as the
basis for simulations of our proposed grid frequency modulation communication channel. In these simulations, our system
has proven feasible. From our simulations we conclude that a large consumer such as an aluminium smelter at a small cost
can be modified to act as an on-demand grid frequency modulation transmitter.
We have demonstrated our modulation system in a small-scale practical demonstration. For this demonstration, we have
developed a simple cryptographic protocol ready for embedded implementation in resource-constrained systems that allows
triggering a safety reset with a response time of less than 30 minutes. In this demonstration we use simulated grid
frequency data to trigger a commercial microcontroller to perform a firmware reset of an off-the-shelf smart meter. The
next step in our evaluation will be to conduct an experimental evaluation of our modulation scheme in collaboration with
an utility and an operator of a multi-megawatt load.
\appendix
\section{Artifacts}
Source code for the demonstrator and simulations, as well as hardware EDA designs are available at the public git
repository at the following URL: