1 / 1

External observer with limited observability cannot deduce operation

Security and Privacy in a Future Smart Grid. The contribution of this work has been the application of formal methods for secure operations of cyber-physical systems

gerodi
Download Presentation

External observer with limited observability cannot deduce operation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security and Privacy in a Future Smart Grid • The contribution of this work has been the application of formal methods for secure operations of cyber-physical systems • External observer in above scenarios obtains partial information about the entire grid which is not critical where as the internal observer with out DGI can deduce the physical operation on the grid; however, due to the cyber activity involving power balancing, confidentiality is not violated • The operation of the system with every node having DGI might lead to malicious threats as outlined; means to mitigate them should be developed • External observer with limited observability cannot deduce operation • Internal Observer without DGI cannot deduce about the system with out DGI • Internal Observer without DGI cannot deduce about the system composed with DGI • Each node in this case can be represented in SPA as below: • Power flow in the shared power bus is an invariant function of individual gateway loads of the participating nodes and the draw from or contribution to the utility grid • Such a system can be defined as below: • The DGI algorithm can be represented in SPA as below • Modeling of the scenarios are preformed in a Security Process Algebraic (SPA) approach • Information flow models are then applied to verify confidentiality Student: Ravi Akella, Department of Computer Science Faculty Advisor: Dr. Bruce McMillin, Department of Computer Science Would you sign up for a discount with your power company in exchange for surrendering control of your thermostat? What if it means that, one day, your auto insurance company will know that you regularly arrive home on weekends at 2:15 a.m., just after the bars close? (MSNBC Red Tape Chronicles 2009) CONFIDENTIALITY WITH DGI INTRODUCTION OBJECTIVES • Future smart grids integrate distributed renewable energy resources (DRER), distributed energy storage devices (DESD), LOADs, and solid state transformers (SST) • The Distributed Grid Intelligence (DGI) applies distributed algorithms in a unique way to achieve economically feasible utilization and storage of alternative energy sources in a distributed fashion • Bisimulation based Non Deducibility on Composition: What a low-lever user sees in the system is consistent even after the execution of high level processes Let me get richer by selling my excess “free energy” to the utility rather than to Barney? • The Power balancing algorithm keeps all nodes “balanced” with respect to their Supply, Demand and Normal states • Pass messages negotiating load changes until the system has stabilized • Every node maintains partial information of other nodes in the system • Model different behaviors of the system using Formal tools- This includes capturing of the inherent concurrency, temporal and non-deterministic elements of the system along with its physical representation • Analyze the confidentiality of information flow in various scenarios and model secure operations in the cyber-physical infrastructure- Physically observable behavior at the cyber-physical boundary and the nature of physical events in the system could violate security and privacy My utility bill is high ..again! Am I getting any power from Fred? Wind isn’t blowing and Fred is selling to the grid ??? AA..hh!! Fred is dishonest External Observer • The operation is not secure with respect to a malicious DGI process which manipulates its state (Normal /Demand /Supply) to ascertain other DGI states CONFIDENTIALITY WITH NO DGI CONCLUSIONS ACKNOWLEDGEMENTS APPROACH FUTURE WORK • Encoding algorithmic and flow semantics for model checking • The impacts of using the available partial information at substation level could become critical to protect in context of multiple grids tied to the utility • Usage patterns and social regulations impose new challenges This work was supported in part by the Future Renewable Electric Energy Distribution Management Center; a National Science Foundation supported Engineering Research Center, under grant NSF EEC-0812121 and NSF CSR award CCF-0614633 and Intelligent Systems Center at Missouri S&T.

More Related