
A Review by Raghu Rangan WPI CS525 September 19, 2012 An Early Warning System Based on Reputation for Energy Control Systems


Problem/Goal
- Supervisory Control and Data Acquisition (SCADA) systems are not secure enough
  - Can only detect anomalous events occurring at a certain moment
  - Serious consequences if part of the control and substations are disrupted
- Propose an intelligent early warning system
  - Capable of preventing anomalous situations
  - And reacting against them on time

Early Warning Systems
- Four main components
  - Detection: sensorial nodes
  - Reaction
  - Information recollection: to store evidence
  - Alarm Management
- All of the components have to be active
  - Before
  - During
  - After

Background
- Wireless sensor networks
  - Capable of providing all services for EWS
  - Nodes are able to monitor, detect, track and alert
  - Lower installation and maintenance costs compared to remote terminal units
- Paper focuses on ISA 100.11a
  - Extension of WirelessHART
  - Offers a set of services
    - Reliability of communication
    - Diagnosis
    - Alert and priority management

Reputation and Trust Management
- Trust and reputation systems help deal with uncertainty
  - Knowing the reputation of nodes and their behavior
  - Allows nodes to make suitable decisions
- Still in the early stage of research
  - Currently for ad-hoc and P2P networks
  - This system will be used for mesh and star networks
  - EWS will use clusters

General Architecture

Cluster Head Architecture
- Cluster head
  - In charge of gathering and analyzing reputation values of nodes

Pattern Association
- Takes data from Message Normalization
- Verifies the nature of the message
- Checks if the message arrived in a valid time period

Reputation Manager
- Aids in determining which nodes in the cluster are not functioning properly
- Updates the reputation value of each node in the cluster
- Provides info on nodes to the gateway

The Gateway Architecture
- Analysis of alerts from cluster heads done in ARO
- Depending on the queue and its priorities
  - Send alert to SCADA Centre
  - Activate operator location component
    - For critical alerts

Updating Reputation
- Given the priority of the alert
  - The reputation of the node is updated
- Operator determines the priority of the alerts
- Two cases for updating node reputation
  - If alert priority was as critical as determined
    - Node behaved correctly
    - Reputation increased
  - If alert priority was not as critical as determined
    - Reputation of node decreased

Application Case Scenario
- Test scenario for EWS in a smart grid system
- Five cases identified by cluster heads
- Explain what the system should do in each case

Cluster Head Cases

Case Behaviors

- Case 1 is an alert
  - Pattern association component analyzes and sends to RM
- Case 2 is a normal message
  - No anomalous readings
  - Stored in cache and sent to aggregation component
- Case 3 is an anomalous situation
  - Data is outside the specified boundaries
  - Information forwarded to RM
  - Alert sent out (event_reading_out_threshold)
  - Reputation of nodes updated
- Case 4: system is under a replay attack
  - Node is already compromised
  - RM generates alert
- Case 5: message is lost in the network
  - Low priority alert sent
  - Reputation of nodes not updated

Future Implementation
- The next step is to actually implement this architecture in a simulation
  - Using TinyOS (open source OS for WSN)
- Expected results
  - Fast response and protection
  - Safety and security
  - Performance
  - Adaptability
  - Auditing and maintenance
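
A sketch of how a cluster head could sort messages into the five cases above and apply the operator-driven reputation update. It is an added example, not code from the paper or the slides. Assumptions: the message fields, the reading bounds, the freshness window, the 0..100 reputation scale and step, the use of sequence numbers to spot replays and losses, and every alert name except event_reading_out_threshold.

```python
from dataclasses import dataclass, field

# Assumed values (not from the slides): reading bounds, freshness window, step.
LOW, HIGH = 0.0, 100.0   # valid reading boundaries
MAX_AGE = 5.0            # seconds allowed between sending and arrival
STEP = 10                # reputation change per operator verdict (scale 0..100)

@dataclass
class Message:           # hypothetical normalized message layout
    node: str
    seq: int
    sent_at: float
    reading: float
    is_alert: bool = False

@dataclass
class ClusterHead:
    reputation: dict = field(default_factory=dict)  # node -> 0..100
    last_seq: dict = field(default_factory=dict)    # node -> last sequence number
    cache: list = field(default_factory=list)       # normal messages for aggregation

    def classify(self, msg, now):
        """Return a list of (case, alert_name) events for one message."""
        self.reputation.setdefault(msg.node, 50)
        prev = self.last_seq.get(msg.node)
        # Case 4: stale or already-seen sequence number is treated as a replay.
        if now - msg.sent_at > MAX_AGE or (prev is not None and msg.seq <= prev):
            return [(4, "replay_suspected")]
        self.last_seq[msg.node] = msg.seq
        events = []
        # Case 5: a sequence gap means a message was lost; low priority, no
        # reputation change, and the current message is still processed.
        if prev is not None and msg.seq > prev + 1:
            events.append((5, "message_lost"))
        if msg.is_alert:                          # Case 1: node raised an alert
            events.append((1, "node_alert"))
        elif not LOW <= msg.reading <= HIGH:      # Case 3: outside boundaries
            events.append((3, "event_reading_out_threshold"))
        else:                                     # Case 2: normal message
            self.cache.append(msg)
            events.append((2, None))
        return events

    def operator_verdict(self, node, reported, confirmed):
        """Raise reputation if the operator confirms the reported priority, else lower it."""
        delta = STEP if reported == confirmed else -STEP
        rep = self.reputation.get(node, 50) + delta
        self.reputation[node] = min(100, max(0, rep))
        return self.reputation[node]
```

Reputation only changes through operator_verdict, so a lost-message event (Case 5) leaves the node's value untouched unless an operator later rules on an alert from that node.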

Discussion

Extra: ISA 100.11a

Figure from: http://cantwell.co.nz/blog/archives/2011/06/16/wireless-for-industry/