
External observer with limited observability cannot deduce operation


The contribution of this work has been the application of formal methods for secure operations of cyber-physical systems

The external observer in the above scenarios obtains partial information about the entire grid, which is not critical, whereas the internal observer without DGI can deduce the physical operation on the grid; however, due to the cyber activity involving power balancing, confidentiality is not violated

The operation of the system with every node having DGI might lead to malicious threats as outlined; means to mitigate them should be developed

External observer with limited observability cannot deduce operation

Internal Observer without DGI cannot deduce about the system without DGI

Internal Observer without DGI cannot deduce about the system composed with DGI

Each node in this case can be represented in SPA as below:

Power flow in the shared power bus is an invariant function of individual gateway loads of the participating nodes and the draw from or contribution to the utility grid

Such a system can be defined as below:

The DGI algorithm can be represented in SPA as below

Future smart grids integrate distributed renewable energy resources (DRER), distributed energy storage devices (DESD), LOADs, and solid state transformers (SST)

The Distributed Grid Intelligence (DGI) applies distributed algorithms in a unique way to achieve economically feasible utilization and storage of alternative energy sources in a distributed fashion

Security and Privacy in a Future Smart Grid

Student: Ravi Akella, Department of Computer Science

Faculty Advisor: Dr. Bruce McMillin, Department of Computer Science

Encoding algorithmic and flow semantics for model checking

The impacts of using the available partial information at substation level could become critical to protect in context of multiple grids tied to the utility

Usage patterns and social regulations impose new challenges

This work was supported in part by the Future Renewable Electric Energy Distribution Management Center, a National Science Foundation supported Engineering Research Center, under grant NSF EEC-0812121 and NSF CSR award CCF-0614633, and by the Intelligent Systems Center at Missouri S&T.

Modeling of the scenarios is performed in a Security Process Algebraic (SPA) approach

Information flow models are then applied to verify confidentiality

CONFIDENTIALITY WITH NO DGI

• Partial information about load states of other nodes can be obtained by being a part of the DGI subsystem

Normal

• Knows about nodes in Demand state and their costs which are sent in response to a supply request to estimate migration

Supply

• Respond to Supply requests with cost to get an approximation of the supply node cost

Demand

CONFIDENTIALITY WITH DGI

FUTURE WORK

APPROACH

INTRODUCTION

OBJECTIVES

ACKNOWLEDGEMENTS

Model different behaviors of the system using formal tools. This includes capturing the inherent concurrency, temporal and non-deterministic elements of the system along with its physical representation

Analyze the confidentiality of information flow in various scenarios and model secure operations in the cyber-physical infrastructure. Physically observable behavior at the cyber-physical boundary and the nature of physical events in the system could violate security and privacy

The Power balancing algorithm keeps all nodes “balanced” with respect to their Supply, Demand and Normal states

Pass messages negotiating load changes until the system has stabilized

Every node maintains partial information of other nodes in the system

CONCLUSIONS

Would you sign up for a discount with your power company in exchange for surrendering control of your thermostat? What if it means that, one day, your auto insurance company will know that you regularly arrive home on weekends at 2:15 a.m., just after the bars close? (MSNBC Red Tape Chronicles 2009)

The operation is not secure with respect to a malicious DGI process which manipulates its state (Normal /Demand /Supply) to ascertain other DGI states

External Observer

Wind isn’t blowing and Fred is selling to the grid ??? AA..hh!! Fred is dishonest

My utility bill is high ..again! Am I getting any power from Fred?

Bisimulation-based Non-Deducibility on Composition: what a low-level user sees in the system is consistent even after the execution of high-level processes

Let me get richer by selling my excess “free energy” to the utility rather than to Barney?
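
A nondeducibility check over the shared-bus invariant described above, as an added example that is not part of the original poster: it enumerates a constructed three-node model and lists the observations from which an external or internal observer could pin down Fred's state. The load values, the node Wilma and all function names are assumptions.

```python
from itertools import product

# Constructed toy model (not from the poster): each gateway load is
# -1 (Supply), 0 (Normal) or +1 (Demand), and the utility tie-line
# carries whatever the shared bus needs so the invariant holds:
#   sum(gateway loads) - utility_draw == 0
STATES = {-1: "Supply", 0: "Normal", 1: "Demand"}
NODES = ("Fred", "Barney", "Wilma")  # Wilma is a hypothetical third node


def worlds():
    """Every assignment of gateway loads to the nodes."""
    for loads in product(STATES, repeat=len(NODES)):
        yield dict(zip(NODES, loads))


def utility_draw(world):
    """Low-level observable fixed by the bus invariant."""
    return sum(world.values())


def possible_states(target, draw, known=None):
    """States of `target` consistent with the observed draw and with
    any gateway loads the observer already knows (its own)."""
    known = known or {}
    return {
        STATES[w[target]]
        for w in worlds()
        if utility_draw(w) == draw
        and all(w[n] == v for n, v in known.items())
    }


def leaking_observations(target, observer=None):
    """(draw, observer's own load) pairs from which `target`'s state is
    uniquely deducible. observer=None is the external observer, who
    sees the utility draw only; its own load is reported as None."""
    leaks = set()
    for w in worlds():
        known = {observer: w[observer]} if observer else {}
        draw = utility_draw(w)
        if len(possible_states(target, draw, known)) == 1:
            leaks.add((draw, known.get(observer)))
    return sorted(leaks)
```

In this toy model the only leaking observations are the saturated ones, where every gateway the observer cannot see is forced into the same state.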