cyber physical models of power system state estimation
play

Cyber-physical Models of Power System State Estimation Security - PowerPoint PPT Presentation

Sep 28, 2023 •154 likes •554 views

Cyber-physical Models of Power System State Estimation Security Gyrgy Dn School of Electrical Engineering KTH, Royal Institute of Technology Stockholm, Sweden Joint work with: Ognjen Vukovi, Henrik Sandberg, Kin Cheong Sou, Andr

  1. Cyber-physical Models of Power System State Estimation Security György Dán School of Electrical Engineering KTH, Royal Institute of Technology Stockholm, Sweden Joint work with: Ognjen Vuković, Henrik Sandberg, Kin Cheong Sou, André Teixeira, Karl-Henrik Johansson, Gunnar Karlsson TCIPG Seminar Series 7 December 2012

  2. Supervisory Control and Data Acquistion (SCADA) • Computerized monitoring and control - Real-time data acquisition Metering • – Voltage, current, power Status information • – Breakers • Control • Energy Management System (EMS) - Short circuit calculation - Contingency analysis - Optimal power flow - ... A. Teixeira et al, ``Optimal Power Flow: Closing the Loop over Corrupted Data,‘’ in Proc. of American Control Conference (ACC), Jun. 2012 - State estimation L. Xie et al, “False Data Injection Attacks in Electricity Markets,” in Proc. of IEEE SmartGridComm, Oct. 2010 2 György Dán http://www.ee.kth.se/~gyuri

  3. Model-based State Estimation z 2 X 12 X 13 z 1 •Steady-state power flow model •Estimation of phase angles  i ,( vector) based on ( z ) - Weighted Least Squares (WLS) estimation - Gauss-Newton algorithm 3 György Dán http://www.ee.kth.se/~gyuri

  4. Bad Data Detector (BDD) ' z 2 • Measurement residual      ˆ ˆ r : z z h ( x ) e h ( x ) • Hypothesis testing - H0: Random measurement noise - Various methods  2 test (Normal distribution) • ˆ x State Bad Data Maximum normalized residual • estimator Detector   ˆ r z z z=h(x)+e x ˆ ˆ , z • BDD alarm Alarm Contingency Optimal Analysis Power Flow x u u 1 2 Operator u 4 György Dán http://www.ee.kth.se/~gyuri

  5. State Estimator and BDD ˆ x State Bad Data   estimator ˆ Detector r z z z=h(x)+e x ˆ ˆ , z Contingency Optimal Analysis x Power Flow u u 1 2 Operator u 5 György Dán http://www.ee.kth.se/~gyuri

  6. Naïve Attack on the State Estimator Attacker a ˆ x State Bad Data + a estimator   Detector r z z ˆ z a =h(x)+a+e a a a z=h(x)+e ˆ ˆ x a z , a Alarm! Contingency Optimal Analysis x Power Flow u u 1 2 Operator u 6 György Dán http://www.ee.kth.se/~gyuri

  7. State Estimator and BDD ˆ x State Bad Data   estimator ˆ Detector r z z z=h(x)+e x ˆ ˆ , z Contingency Optimal Analysis x Power Flow u u 1 2 Operator u 7 György Dán http://www.ee.kth.se/~gyuri

  8. Stealth Attack on the State Estimator  h ( x )  H Attacker  x  x 0 a=Hc x  ˆ c State Bad Data +   estimator ˆ Detector r z z z a =h(x)+a+e z=h(x)+e   ˆ ˆ x c , z a No Contingency alarm… Optimal Analysis x Power Flow u u 1 2 Operator u Y. Liu, P. Ning, and M. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proc. ACM CCS , 2009, pp. 21–32. 8 György Dán http://www.ee.kth.se/~gyuri

  9. Two Examples • Simple network • 40 bus training network - Real and pseudo measurement data (66 measurement points) 9 György Dán http://www.ee.kth.se/~gyuri

  10. Minimum Effort Stealth Attacks 40 bus training network •  : maximum metering redundancy •  : actual metering redundancy • Based on linear approximation • Pseudo measurements unchanged 10 György Dán http://www.ee.kth.se/~gyuri

  11. Specific Attack: „Naive” Attack • Attack of transmission line (measurement 33) • Manipulation of 1 measurement value at BLOO 11 György Dán http://www.ee.kth.se/~gyuri

  12. Specific Attack: „Stealth” Attack • Attack of transmission line (measurement 33) • Manipulation of 7 measurements at 5 substations 12 György Dán http://www.ee.kth.se/~gyuri

  13. Experiment: „Stealthy” vs „Naive” Attack Target Estimated # BDD bias value Alarms (MW) (MW) 0 -14.8 0 50 36.2 0 100 86.7 0 Bad data detected & 150 137.5 0 removed 200 Non - convergent • SCADA/EMS system Transmission line nom. rat.: 260 MVA • Complete state estimator (active and reactive power) • Attacked data written to SCADA database Teixeira et al, “A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator,‘’ in Proc. of IFAC World Congress, Aug. 2011 13 György Dán http://www.ee.kth.se/~gyuri

  14. Protection against „Stealth” Attacks • Calculate the effort needed for attack • Increase the effort needed for attack - Maximize attack cost for budget     MM arg max min k    : C ( P ) k M - Make attacks impossible Protection of at least n measurements • Y. Liu, P. Ning, and M. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proc. ACM CCS , 2009, pp. 21–32. R. Bobba et al, “Detecting false data injection attacks on DC state estimation,” in Preprints of the First Workshop on Secure Control Systems, CPSWEEK 2010, 2010. G. Dán, H. Sandberg, “Stealth Attacks and Protection Schemes for State Estimators in Power Systems,” in Proc. of IEEE SmartGridComm, Oct. 2010 14 György Dán http://www.ee.kth.se/~gyuri

  15. Protection against „Stealth” Attacks  1  3 • Calculate the effort needed for attack • Increase the effort needed for attack - Maximize attack cost for budget     MM arg max min k    : C ( P ) k M - Make attacks impossible Protection of at least n measurements • Y. Liu, P. Ning, and M. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proc. ACM CCS , 2009, pp. 21–32. R. Bobba et al, “Detecting false data injection attacks on DC state estimation,” in Preprints of the First Workshop on Secure Control Systems, CPSWEEK 2010, 2010. G. Dán, H. Sandberg, “Stealth Attacks and Protection Schemes for State Estimators in Power Systems,” in Proc. of IEEE SmartGridComm, Oct. 2010 15 György Dán http://www.ee.kth.se/~gyuri

  16. Protection against „Stealth” Attacks    1 • Calculate the effort needed for attack • Increase the effort needed for attack - Maximize attack cost for budget     MM arg max min k    : C ( P ) k M - Make attacks impossible Protection of at least n measurements • • Effort? Y. Liu, P. Ning, and M. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proc. ACM CCS , 2009, pp. 21–32. R. Bobba et al, “Detecting false data injection attacks on DC state estimation,” in Preprints of the First Workshop on Secure Control Systems, CPSWEEK 2010, 2010. G. Dán, H. Sandberg, “Stealth Attacks and Protection Schemes for State Estimators in Power Systems,” in Proc. of IEEE SmartGridComm, Oct. 2010 16 György Dán http://www.ee.kth.se/~gyuri

  17. SCADA Attack Surface and Costs • Attack cost - Number of attacked infrastructure components • Protection cost - Number of protected infrastructure components Equipment upgrades • - Key management IEC 60870-5/PSTN - Performance implications 2 1 • Heterogeneous infrastructure 4 - Point-to-point links (PSTN, leased line) 3 - Multi-hop links (OPGW) 17 György Dán http://www.ee.kth.se/~gyuri

  18. SCADA Attack Surface and Costs • Attack cost - Number of attacked infrastructure components • Protection cost - Number of protected infrastructure components Equipment upgrades • - Key management - Performance implications 2 IEC 60870-5/OPGW 1 • Heterogeneous infrastructure 4 - Point-to-point links (PSTN, leased line) 3 - Multi-hop links (OPGW) 18 György Dán http://www.ee.kth.se/~gyuri

  19. Cyber-Physical Infrastructure Model 2 1  n 1  buses 4 M  Set of measurements 3 S  Set of substations s o Control center c m  M o Measurement taken at substation S ( m ) G ( S , E )  Communication system: undirected graph s  S  Set of established routes for substation     1 2 R ( s ) i i i R { r , r ,..., r }, r S , s r , s r s s s s s s c s  s | R ( s ) | 1 , all measurement data are sent over a single route to o c s  | R ( s ) | | R ( s ) | 1 , all data are split equally over routes to o c O.Vuković et al., ``Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation,‘’ IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, July 2012 György Dán http://www.ee.kth.se/~gyuri 19

  20. Mitigation Schemes  Bump-in-the-wire (BITW) authentication E  S set of substations that use BITW authentication o  i E r ( ) set of substations where data is susceptible to attack o s    i s E , ( r ) { s } E s  ,   i i s E ( r ) r E s s  Physical protection o Guards or video surveillance P  s c  S , P o 20 György Dán http://www.ee.kth.se/~gyuri

  21. Illustration: IEEE 118 Bus Network • Topology - Star - Mesh • Baseline scenario - Single path routing - Shortest path 21 György Dán http://www.ee.kth.se/~gyuri

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology

System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012 This material is based upon work

518 views • 41 slides
State Estimation and Contingency Analysis of the Power Grid in a Cyber-Adversarial Environment

State Estimation and Contingency Analysis of the Power Grid in a Cyber-Adversarial Environment

State Estimation and Contingency Analysis of the Power Grid in a Cyber-Adversarial Environment Robin Berthier 1 , Rakesh Bobba 1 , Matt Davis 2 , Kate Rogers 2 , and Saman Zonouz 3 1 Information Trust Institute 3 Department of Electrical 2

905 views • 47 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
MODELS AND M MODELS AND METHODS ETHODS FOR FOR CYBER-PHY CYBER PHYSICAL SICAL SY SYSTEMS

MODELS AND M MODELS AND METHODS ETHODS FOR FOR CYBER-PHY CYBER PHYSICAL SICAL SY SYSTEMS

DISCRETE DISCRETE EVENT AN EVENT AND HYBRID SY HYBRID SYSTEM STEM MODELS AND M MODELS AND METHODS ETHODS FOR FOR CYBER-PHY CYBER PHYSICAL SICAL SY SYSTEMS STEMS C. G . G. Cassand . Cassandras as Division of Systems Engineering

1.34k views • 118 slides
ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University RV14, Sept. 24, 2014 Simplex for Hybrid System Models Stefan Mitsch ,

844 views • 50 slides
Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the state of art, CEER is a game changer. A generational leap in capabilities for Cyber- Physical Experimentation in the Electric Power Grid Increased

792 views • 49 slides
Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at

504 views • 27 slides
An End-to-End Infrastructure for Cyber-Physical Intrusion Detection REINHARD GENTZ, MAHDI JAMEI,

An End-to-End Infrastructure for Cyber-Physical Intrusion Detection REINHARD GENTZ, MAHDI JAMEI,

An End-to-End Infrastructure for Cyber-Physical Intrusion Detection REINHARD GENTZ, MAHDI JAMEI, ANNA SCAGLIONE ARIZONA STATE UNIVERSITY, USA CREDC Workshop 2017 1 What is Cyber Physical Intrusion Detection CPS Cyber Physical System

123 views • 11 slides
VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer 1 , Yong Kiam Tan 1 , Stefan Mitsch 1 , Magnus O. Myreen 2 , and Andr e Platzer 1 Carnegie Mellon University 1 Chalmers University of Technology 2

672 views • 44 slides
State Consistencies for Cyber- Physical System Recovery Fanxin Kong, S yracuse Universit y

State Consistencies for Cyber- Physical System Recovery Fanxin Kong, S yracuse Universit y

State Consistencies for Cyber- Physical System Recovery Fanxin Kong, S yracuse Universit y okolsky, James Weimer, Insup Lee, Universit y of Oleg S Pennsylvania April 15, 2019 Department of Electrical Engineering and Computer S cience

456 views • 23 slides
A Comparison of High-Level Full-System Power Models Component and system designers

A Comparison of High-Level Full-System Power Models Component and system designers

Who needs power models? A Comparison of High-Level Full-System Power Models Component and system designers How do design decisions affect power? Users Suzanne Rivoire, Sonoma State University How do my usage

191 views • 7 slides
Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on

Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on

Formal Models and Analysis for Self-Adaptive Cyber- Physical Systems International Conference on Formal Aspects of Component Software, Besanon, France, 19 th October 2016. Prof. Dr. Holger Giese Head of the System Analysis & Modeling

704 views • 47 slides
Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2020 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

534 views • 27 slides
Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics ICEN 553/453 Fall 2018 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

565 views • 20 slides
Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1

Cyber-Physical Systems Modeling Physical Dynamics IECE 553/453 Fall 2019 Prof. Dola Saha 1 Modeling Techniques Models that are abstractions of system dynamics (how system behavior changes over time) Modeling physical phenomena

570 views • 40 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
B24B: Useful, Affordable IT for the Poorest 4 billion June 25, 2002 Thomas Kalil

B24B: Useful, Affordable IT for the Poorest 4 billion June 25, 2002 Thomas Kalil

B24B: Useful, Affordable IT for the Poorest 4 billion June 25, 2002 Thomas Kalil tkalil@uclink.berkeley.edu Grand challenge ! Provide affordable, useful digital services to the 4 billion people on the planet earning less than $1,500 ! Not a

399 views • 10 slides
Optical Packet Switching the technology and its potential role in future communication networks

Optical Packet Switching the technology and its potential role in future communication networks

Optical Packet Switching the technology and its potential role in future communication networks Results from IST project . Lars Dittmann COM Technical University of Denmark ld@com.dtu.dk 1 ld@com.dtu.dk Zagreb 210503 What

1.05k views • 20 slides
CORPORATE OFFICE PROPERTIES TRUST Results for 1Q 2020 April 30, 2020 The Preferred Provider

CORPORATE OFFICE PROPERTIES TRUST Results for 1Q 2020 April 30, 2020 The Preferred Provider

CORPORATE OFFICE PROPERTIES TRUST Results for 1Q 2020 April 30, 2020 The Preferred Provider of Mission Critical Real Estate Solutions Table of Contents Results for 1Q 2020............................Page 3 Safe Harbor I. Unless

752 views • 41 slides
QUESTION 4 4.7. Which of the following responds to the Answer All 40 Questions request of a

QUESTION 4 4.7. Which of the following responds to the Answer All 40 Questions request of a

QUESTION 4 4.7. Which of the following responds to the Answer All 40 Questions request of a subscriber by sending a dial tone? 4.1. The physical connection between the Line finder telephone set and the switching equipment is First

77 views • 3 slides
Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan

CSE 127: Computer Security Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage This week How to build secure systems Least privilege and privilege separation

578 views • 46 slides
Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles Introduction to Computer Security Day 7: Defensive programming and design, part 1 Software engineering for security Stephen McCamant Announcements

355 views • 7 slides
Authority Analysis for Least Privilege Environments Toby Murray and Gavin Lowe Oxford

Authority Analysis for Least Privilege Environments Toby Murray and Gavin Lowe Oxford

Authority Analysis for Least Privilege Environments 01 Authority Analysis for Least Privilege Environments Toby Murray and Gavin Lowe Oxford University Computing Laboratory Authority Analysis for Least Privilege Environments 02 The Rise of

797 views • 22 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides

More recommend