-rw-r--r-- paper/safety-reset-paper.bib 11
-rw-r--r-- paper/safety-reset-paper.tex 54
2 files changed, 38 insertions, 27 deletions
diff --git a/paper/safety-reset-paper.bib b/paper/safety-reset-paper.bib
index 5aebd55..5861efb 100644
--- a/paper/safety-reset-paper.bib
+++ b/paper/safety-reset-paper.bib
@@ -949,6 +949,17 @@
url = {https://purehost.bath.ac.uk/ws/files/134381670/a_comparative_study_between_diode_and_thyristor_based_AC_to_DC_converters_for_aluminium_smelting_process.pdf}
}
+@article{pvyh03,
+ author={Pavlidou, N. and Han Vinck, A.J. and Yazdani, J. and Honary, B.},
+ journal={IEEE Communications Magazine},
+ title={Power line communications: state of the art and future trends},
+ year={2003},
+ volume={41},
+ number={4},
+ pages={34-40},
+ doi={10.1109/MCOM.2003.1193972}}
+}
+
@misc{wright01,
author = {Paul S. Wright},
year = {2019},
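Review bot: The new pvyh03 entry is closed twice: the doi line already ends in "}}", so the "+}" on the following line is a stray brace outside any entry. Drop either the second brace on the doi line or the standalone "}" so the entry is balanced. The added fields also use "author={...}" without spaces around "=", while the neighbouring wright01 entry uses "author = {...}"; matching the file's existing style would keep the .bib consistent.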
diff --git a/paper/safety-reset-paper.tex b/paper/safety-reset-paper.tex
index 2525b67..fc1f321 100644
--- a/paper/safety-reset-paper.tex
+++ b/paper/safety-reset-paper.tex
@@ -21,12 +21,11 @@
\copyrightyear{2022}
\acmYear{2022}
-\setcopyright{acmlicensed}
-\acmConference[ACSAC 2022]{Annual Computer Security Applications Conference}{December 5--9, 2022}{Austin, USA}
-\acmBooktitle{Annual Computer Security Applications Conference (ACSAC 2022), December 5--9, 2022, Austin, USA}
-\acmPrice{XX.XX}
-\acmDOI{10.1145/XXXXXXX.XXXXXXX}
-\acmISBN{978-X-XXXX-XXXX-X/XX/XX}
+\setcopyright{rightsretained}
+\acmConference[ACSAC]{Annual Computer Security Applications Conference}{December 5--9, 2022}{Austin, TX, USA}
+\acmBooktitle{Annual Computer Security Applications Conference (ACSAC), December 5--9, 2022, Austin, TX, USA}
+\acmDOI{10.1145/3564625.3564640}
+\acmISBN{978-1-4503-9759-9/22/12}
\begin{document}
@@ -186,11 +185,14 @@ grid-connected generators and motors is what regulates frequency.
Grid frequency modulation works by quickly modulating the power of a large, grid-connected load or generator. When this
modulation is at low amplitude and high frequency, it is below the thresholds set for the grid's automated control
systems and monitoring systems and it will directly affect frequency according to the grid's inertia. GFM differs from
-traditional Powerline Communication (PLC) systems in that it reaches every device within one synchronous area as the
-signal is embedded into the fundamental grid frequency. Traditional PLC uses a superimposed voltage, which is quickly
-attenuated across long distances. Practically speaking, using GFM a single large transmitter can cover an entire
-synchronous area, while in traditional PLC hundreds or thousands of smaller transmitters would be necessary. Unlike
-traditional PLC, any large industrial load that allows for fast computer control can act as a GFM transmitter.
+traditional Powerline Communication (PLC) systems in that it works at much lower frequencies, it directly modulates the
+grid's fundamental frequency instead of superimposing an additional signal on top of it, and by nature it reaches every
+device within one synchronous area as the signal is embedded into the fundamental grid frequency. Traditional PLC uses a
+superimposed voltage, which is quickly attenuated across long distances. Practically speaking, using GFM a single large
+transmitter can cover an entire synchronous area, while in traditional PLC hundreds or thousands of smaller transmitters
+would be necessary. Unlike traditional PLC, any large industrial load that allows for fast computer control with slew
+rates in the order of several percent of total load per second can act as a GFM transmitter with minimal or no hardware
+modifications.
\begin{figure}
\centering
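Review bot: The rewritten sentence now says twice that GFM acts on the fundamental frequency: "it directly modulates the grid's fundamental frequency instead of superimposing an additional signal on top of it" and, a few words later, "as the signal is embedded into the fundamental grid frequency". The trailing "as the signal is embedded ..." clause can be dropped, or the three differences split into separate sentences, since the enumeration is hard to follow as written. In the last sentence, "slew rates in the order of" would usually read "on the order of".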
@@ -384,10 +386,11 @@ chosen for the meters' uplink.
Since the early days of the electrical grid, powerline communication has been used to control devices spread throughout
the grid from a central transmitter~\cite{rs48}. PLC systems super-impose a modulated high-frequency signal on top of
-the grid voltage. When the carrier frequency of this modulation is in the audible frequency range, low data rates can be
-transmitted over distances of several tens of kilometers. By using a radio frequency carrier, higher data rates can be
-achieved across shorter distances. Audio frequency PLC, called ``ripple control'', is still used today by utilities to
-enable demand-side response, by remotely switching on and off water heaters to avoid times of peak electricity demand.
+the grid voltage. When the carrier frequency of this modulation is in the audible frequency range, low data
+rates can be transmitted over distances of several tens of kilometers. By using a radio frequency carrier, higher data
+rates can be achieved across shorter distances\cite{pvyh03}. Audio frequency PLC, called ``ripple control'', is still
+used today by utilities to enable demand-side response, by remotely switching on and off water heaters to avoid times of
+peak electricity demand.
Usually, such powerline communication systems are uni-directional but they are instance of bi-directional powerline
communication for smart meter reading such as the italian smart meter deployment~\cite{ec03,rs48,gungor01,agf16}.
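Review bot: The added citation in "shorter distances\cite{pvyh03}" is missing the tie that the other citations in this paragraph use ("transmitter~\cite{rs48}", "deployment~\cite{ec03,...}"), so the reference mark will be set directly against the word. Write "distances~\cite{pvyh03}". Most of the other +/- lines in this hunk are only a re-wrap of unchanged text, which makes the one real change hard to spot in the diff.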
@@ -454,10 +457,11 @@ continental European grid. A report on an event where an oscillation on one such
\cite{entsoe01}.
In~\cite{zlmz+21}, Zou, Liu, Ma et al.\ analyzed the possibility of a modal attack in which electric vehicle chargers
-rapidly modulate their power to force an oscillation of a poorly dampened wide-area electromechanical mode. Using
-mathematical analysis, small-scale simulations and practical experiments they validated the attack scenario and
+rapidly modulate their power to force an oscillation of a poorly dampened wide-area electromechanical mode. In their
+model an attacker compromises a backend smart grid control system that controls a large number of EV chargers. Using
+mathematical analysis, small-scale simulations and limited practical experiments they validated the attack scenario and
developed a countermeasure that can be implemented as part of generator control systems and that when activated can
-suppress forced oscillations of wide-area electromechanical modes.
+suppress forced oscillations of wide-area electromechanical modes.
On the device side of the smart grid, research has concentrated on smart meter security. Smart meters are
architecturally similar to IoT devices~\cite{zheng01,ifixit01}, but come with different challenges. Similar to a
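Review bot: On the rewritten line "force an oscillation of a poorly dampened wide-area electromechanical mode", the term for an oscillatory mode is "damped", not "dampened"; since the line is being touched anyway, this is a good place to fix it. The last -/+ pair in the hunk ("suppress forced oscillations of wide-area electromechanical modes.") shows no visible difference and looks like a whitespace-only change, which would be better kept out of a content commit or mentioned in the commit message.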
@@ -786,7 +790,7 @@ public key cryptography inside the smart meter.
Formally, we can describe our simple cryptographic protocol as follows. Given an $m$-bit cryptographic hash function $H
: \{0,1\}^*\rightarrow\{0,1\}^m$ and a private key $k_0 \in \{0,1\}^m$, we construct the public key as
-$k_{n_\text{total}} = H^{n_\text{total}}(k_0)$ where $H^n(x)$ denotes the $n$-times recursive application of $H$ to
+$k_{n_\text{total}} = H^{n_\text{total}}(k_0)$ where $H^n(x)$ denotes the $n$-fold recursive application of $H$ to
itself, i.e.\ $H(H(\hdots H(x)))$. $n_\text{total}$ is the total number of signatures that the system can
issue over its lifetime. $n_\text{total}$ must be chosen with adequate safety margin to account for unpredictable future
use of the system. The choice of $n_\text{total}$ is of no consequence when a device checks reset authorization, but key
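Review bot: The sentence changed here still continues on the next line with "application of $H$ to itself", which reads as $H$ being applied to $H$, while the expansion that follows, "$H(H(\hdots H(x)))$", applies it to $x$. Since the wording is being polished from "$n$-times" to "$n$-fold", consider also changing "to itself" to "to $x$" so the prose matches the formula.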
@@ -968,19 +972,15 @@ a practical demonstration of broadcast data transmission through grid frequency
controllable load as well as further optimization of the modulation and data encoding as well as the demodulator
implementation.
-Source code and EDA designs are available at the public repository listed at the end of this document.
+\subsection{Artifacts}
+
+Source code for the demonstrator and simulations, as well as hardware EDA designs are available at the public git
+repository at the following URL:\\\center{\url{https://git.jaseg.de/safety-reset.git}}
\begin{acks}
This work has been co-funded by the LOEWE initiative (Hesse, Germany) within the emergenCITY center.
\end{acks}
-\center{
- \footnotesize
- %\center{This is version \texttt{\input{version.tex}\unskip} of this paper, generated on \today.}
- \center{Source files and associated data for this work can be found in the git repository at the following URL:
- \url{https://git.jaseg.de/safety-reset.git} }
-}
-
\bibliographystyle{ACM-Reference-Format}
\bibliography{\jobname}
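Review bot: In the new Artifacts subsection, "\\\center{\url{https://git.jaseg.de/safety-reset.git}}" uses \center as if it took an argument, but \center is the opening half of the center environment and the braces only form a group, so nothing closes the environment before the acks block that follows. Use "\begin{center} ... \end{center}" around the \url instead, which also makes the preceding "\\" unnecessary. Minor: "as well as hardware EDA designs are available" needs a comma after "designs" to close the parenthetical opened by the comma before "as well as".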