From 6ab3ac3dff6a7b9405184b4b45334bbc7f0dbee1 Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 1 Apr 2020 18:27:14 +0200 Subject: Update thesis --- ma/Makefile | 4 +- ma/murks.tex | 12 +- ma/safety_reset.bib | 191 +++++++++++++++--- ma/safety_reset.pdf | Bin 364573 -> 42 bytes ma/safety_reset.tex | 543 +++++++++++++++++++++++++++++++++++++++++++++++++--- 5 files changed, 695 insertions(+), 55 deletions(-) mode change 100644 => 120000 ma/safety_reset.pdf (limited to 'ma') diff --git a/ma/Makefile b/ma/Makefile index 3645f5f..f693b51 100644 --- a/ma/Makefile +++ b/ma/Makefile @@ -9,9 +9,9 @@ MAKEFLAGS += --no-builtin-rules all: safety_reset.pdf %.pdf: %.tex %.bib - pdflatex $< + pdflatex -shell-escape $< biber $* - pdflatex $< + pdflatex -shell-escape $< .PHONY: clean clean: diff --git a/ma/murks.tex b/ma/murks.tex index 4c3527e..91129cf 100644 --- a/ma/murks.tex +++ b/ma/murks.tex @@ -17,8 +17,10 @@ \makeatletter -\newcommand*{\@titelTitel}{Titel der Arbeit} -\newcommand{\titel}[1]{\renewcommand*{\@titelTitel}{#1}} % Titel der Arbeit +\newcommand*{\@titelTitelEN}{Titel der Arbeit (EN)} +\newcommand*{\@titelTitelDE}{Titel der Arbeit (DE)} +\newcommand{\titelen}[1]{\renewcommand*{\@titelTitelEN}{#1}} % Titel der Arbeit +\newcommand{\titelde}[1]{\renewcommand*{\@titelTitelDE}{#1}} % Titel der Arbeit \newcommand*{\@titelArbeit}{Arbeitstyp} \newcommand{\typ}[1]{\renewcommand*{\@titelArbeit}{#1}} % Typ der Arbeit \newcommand*{\@titelGrad}{akademischer Grad} @@ -75,8 +77,10 @@ \begin{center} \begin{doublespace} \vspace{\baselineskip} - {\LARGE \textbf{\@titelTitel}}\\ - %\vspace{1\baselineskip} + {\LARGE \textbf{\@titelTitelEN}}\\ + \vspace{1cm} + {\large \textbf{\@titelTitelDE}}\\ + \vspace{1cm} {\Large \@titelArbeit\\ zur Erlangung des akademischen Grades\\ diff --git a/ma/safety_reset.bib b/ma/safety_reset.bib index 5a81b4e..cbec74b 100644 --- a/ma/safety_reset.bib +++ b/ma/safety_reset.bib 
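Review bot: The `-shell-escape` added to both recipe lines (`pdflatex -shell-escape $<`) lets any `\write18` in the document, in `murks.tex`, or in any package it loads run arbitrary shell commands at build time, which is a lot of privilege to hand a thesis build. If the flag exists only for the `\usepackage{epstopdf}` enabled in the safety_reset.tex `@@ -42,7 +46,7 @@` hunk, TeX Live's default restricted shell escape already whitelists `repstopdf`, which the epstopdf package falls back to in that mode, so the rule can likely stay `pdflatex $<` or, to state the intent, `pdflatex -shell-restricted $<`. If unrestricted escape really is required by something else, a comment above the rule naming that consumer would keep it from being left on indefinitely.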
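Review bot: The two new `\vspace{1cm}` lines around the German title in the `@@ -75,8 +77,10 @@` hunk use an absolute length where the rest of the title block is spaced in font-relative units (`\vspace{\baselineskip}` two lines above, and the `\vspace{1\baselineskip}` this replaces). Inside the `doublespace` environment a fixed 1cm will not track the `\LARGE`/`\large` sizes if they are changed later, so `\vspace{2\baselineskip}` (or `\bigskip`) keeps the gap proportional. In the `@@ -17,8 +17,10 @@` hunk the two setter macros both carry the comment `% Titel der Arbeit`; marking them `% Titel der Arbeit (EN)` and `% Titel der Arbeit (DE)` would make the pair self-explanatory.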
@@ -1,3 +1,4 @@ +% Encoding: UTF-8 @online{bnetza1, author = {Bundesnetzagentur}, publisher = {Bundesnetzagentur}, @@ -563,16 +564,16 @@ title = {Power System Oscillations}, year = {2000} } - -@proceedings{grebe01, - author = {E. Grebe and J. Kabouris and S. L{\'o}pez Barba and W. Sattinger and W. Winter}, - doi = { 10.1109/PES.2010.5589932 {\textperiodcentered}}, - journaltitle = {IEEE PES General Meeting}, - month = aug, - publisher = {IEEE}, - title = {Low Frequency Oscillations in the Interconnected System of Continental Europe}, - year = {2010} -} + +@Proceedings{grebe01, + title = {Low Frequency Oscillations in the Interconnected System of Continental Europe}, + doi = {10.1109/PES.2010.5589932 {\textperiodcentered}}, + publisher = {IEEE}, + author = {E. Grebe and J. Kabouris and S. L{\'o}pez Barba and W. Sattinger and W. Winter}, + journaltitle = {IEEE PES General Meeting}, + month = aug, + year = {2010}, +} @article{mcdaniel01, author = {McDaniel Patrick and McLaughlin Stephen}, @@ -582,18 +583,17 @@ title = {Security and Privacy Challenges in the Smart Grid}, year = {2009} } - -@article{schafer01, - author = {Benjamin Sch{\"a}fer and Moritz Matthiae and Marc Timme and Dirk Witthaut}, - doi = { doi:10.1088/1367-2630/17/1/015002 -}, - journaltitle = {New Journal of Physics}, - month = jan, - publisher = {IOP/DPG}, - title = {Decentral Smart Grid Control}, - volume = {17}, - year = {2015} -} + +@Article{schafer01, + author = {Benjamin Sch{\"a}fer and Moritz Matthiae and Marc Timme and Dirk Witthaut}, + journaltitle = {New Journal of Physics}, + title = {Decentral Smart Grid Control}, + doi = {doi:10.1088/1367-2630/17/1/015002}, + volume = {17}, + month = jan, + publisher = {IOP/DPG}, + year = {2015}, +} @article{kosut01, author = {Oliver Kosut and Liyan Jia and Robert J. Thomas and Lang Tong}, 
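Review bot: The reformatted `doi` fields in `grebe01` (`@@ -563`) and `schafer01` (`@@ -582`) keep the malformed values of the entries they replace: `doi = {10.1109/PES.2010.5589932 {\textperiodcentered}}` has a stray `{\textperiodcentered}` appended and `doi = {doi:10.1088/1367-2630/17/1/015002}` has a `doi:` prefix. biblatex's `doi` format prefixes the field verbatim with the doi.org resolver, so both produce broken links in the PDF; the fields should hold the bare identifiers, `doi = {10.1109/PES.2010.5589932},` and `doi = {10.1088/1367-2630/17/1/015002},`. Since this hunk is otherwise a field reorder, it is the natural place to clean the values rather than carry them forward.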
@@ -675,4 +675,149 @@ volume = {66}, year = {2014} } - + +@Article{dzung01, + author = {Dacfey Dzung and Inigo Berganza and Alberto Sendin}, + date = {2011}, + journaltitle = {2011 IEEE International Symposium on Power Line Communications and Its Applications}, + title = {Evolution of powerline communications for smart distribution: From Ripple Control to OFDM}, + doi = {10.1109/ISPLC.2011.5764444}, + url = {https://www.researchgate.net/profile/Inigo_Berganza/publication/224236306_Evolution_of_powerline_communications_for_smart_distribution_From_ripple_control_to_OFDM/links/5c658800299bf1d14cc74cbd/Evolution-of-powerline-communications-for-smart-distribution-From-ripple-control-to-OFDM.pdf}, +} + +@WWW{hovi01, + author = {Jochen Fritz and Alexander Hovi}, + date = {2020}, + title = {Transkommando-System}, + url = {http://www.rundsteuerung.de/entwicklung/transkommando.html}, + journaltitle = {Rundsteuertechnik: Übertragung von Steuersignalen über das Energieversorgungsnetz}, +} + +@Book{kundur01, + author = {Kundur, Prabha and Balu, Neal J and Lauby, Mark G}, + date = {1994}, + title = {Power system stability and control}, + publisher = {McGraw-hill New York}, + volume = {7}, + year = {1994}, +} + +@Book{goiser01, + author = {Alois M. J. 
Goiser}, + date = {1998}, + title = {Handbuch der Spread-Spectrum Technik}, + isbn = {3-211-83080-4}, + publisher = {Springer}, +} + +@TechReport{lamport02, + author = {Lamport, Leslie}, + date = {19}, + institution = {Technical Report CSL-98, SRI International}, + title = {Constructing digital signatures from a one-way function}, + year = {1979}, +} + +@InProceedings{buchmann01, + author = {Buchmann, Johannes and Dahmen, Erik and Ereth, Sarah and H{\"u}lsing, Andreas and R{\"u}ckert, Markus}, + booktitle = {International Conference on Cryptology in Africa}, + title = {On the security of the Winternitz one-time signature scheme}, + organization = {Springer}, + pages = {363--378}, + year = {2011}, +} + +@InProceedings{merkle01, + author = {Merkle, Ralph C}, + booktitle = {Conference on the Theory and Application of Cryptology}, + title = {A certified digital signature}, + organization = {Springer}, + pages = {218--238}, + year = {1989}, +} + +@InProceedings{dods01, + author = {Dods, Chris and Smart, Nigel P and Stam, Martijn}, + booktitle = {IMA International Conference on Cryptography and Coding}, + title = {Hash based digital signature schemes}, + organization = {Springer}, + pages = {96--115}, + year = {2005}, +} + +@TechReport{gasior01, + author = {Gasior, M and Gonzalez, JL}, + institution = {CERN-AB-Note-2004-021}, + title = {Improving FFT frequency measurement resolution by parabolic and gaussian interpolation}, + year = {2004}, +} + +@InProceedings{giudice01, + author = {Del Giudice, Antonio and Graditi, Giorgio and Pietrosanto, Antonio and Paciello, Vincenzo}, + booktitle = {2015 IEEE International Workshop on Measurements \& Networking (M\&N)}, + title = {Power quality in smart distribution grids}, + organization = {IEEE}, + pages = {1--6}, + year = {2015}, +} + +@Article{virtanen01, + author = {{Virtanen}, Pauli and {Gommers}, Ralf and {Oliphant}, Travis E. 
and {Haberland}, Matt and {Reddy}, Tyler and {Cournapeau}, David and {Burovski}, Evgeni and {Peterson}, Pearu and {Weckesser}, Warren and {Bright}, Jonathan and {van der Walt}, St{\'e}fan J. and {Brett}, Matthew and {Wilson}, Joshua and {Jarrod Millman}, K. and {Mayorov}, Nikolay and {Nelson}, Andrew R.~J. and {Jones}, Eric and {Kern}, Robert and {Larson}, Eric and {Carey}, CJ and {Polat}, {\.I}lhan and {Feng}, Yu and {Moore}, Eric W. and {Vand erPlas}, Jake and {Laxalde}, Denis and {Perktold}, Josef and {Cimrman}, Robert and {Henriksen}, Ian and {Quintero}, E.~A. and {Harris}, Charles R and {Archibald}, Anne M. and {Ribeiro}, Ant{\^o}nio H. and {Pedregosa}, Fabian and {van Mulbregt}, Paul and {Contributors}, SciPy 1. 0}, + title = {{SciPy 1.0: Fundamental Algorithms for Scientific Computing in Python}}, + doi = {https://doi.org/10.1038/s41592-019-0686-2}, + pages = {261--272}, + volume = {17}, + adsurl = {https://rdcu.be/b08Wh}, + journal = {Nature Methods}, + year = {2020}, +} + +@Article{derviskadic01, + author = {Dervi{\v{s}}kadi{\'c}, Asja and Romano, Paolo and Paolone, Mario}, + title = {Iterative-interpolated DFT for synchrophasor estimation: A single algorithm for P-and M-class compliant PMUs}, + number = {3}, + pages = {547--558}, + volume = {67}, + journal = {IEEE Transactions on Instrumentation and Measurement}, + publisher = {IEEE}, + year = {2017}, +} + +@Article{narduzzi01, + author = {Narduzzi, Claudio and Bertocco, Matteo and Frigo, Guglielmo and Giorgi, Giada}, + title = {Fast-TFM—Multifrequency phasor measurement for distribution networks}, + number = {8}, + pages = {1825--1835}, + volume = {67}, + journal = {IEEE Transactions on Instrumentation and Measurement}, + publisher = {IEEE}, + year = {2018}, +} + +@Article{cheshire01, + author = {Stuart Cheshire and Mary Baker}, + title = {Consistent overhead Byte stuffing}, + doi = {10.1109/90.769765}, + number = {2}, + pages = {159--172}, + volume = {7}, + bibsource = {dblp computer science 
bibliography, https://dblp.org}, + biburl = {https://dblp.org/rec/journals/ton/CheshireB99.bib}, + journal = {{IEEE/ACM} Trans. Netw.}, + year = {1999}, +} + +@InProceedings{kluyver01, + author = {Thomas Kluyver and Benjamin Ragan{-}Kelley and Fernando P{\'{e}}rez and Brian E. Granger and Matthias Bussonnier and Jonathan Frederic and Kyle Kelley and Jessica B. Hamrick and Jason Grout and Sylvain Corlay and Paul Ivanov and Dami{\'{a}}n Avila and Safia Abdalla and Carol Willing and et al.}, + booktitle = {Positioning and Power in Academic Publishing: Players, Agents and Agendas, 20th International Conference on Electronic Publishing, G{\"{o}}ttingen, Germany, June 7-9, 2016}, + title = {Jupyter Notebooks - a publishing format for reproducible computational workflows}, + doi = {10.3233/978-1-61499-649-1-87}, + editor = {Fernando Loizides and Birgit Schmidt}, + pages = {87--90}, + publisher = {{IOS} Press}, + bibsource = {dblp computer science bibliography, https://dblp.org}, + biburl = {https://dblp.org/rec/conf/elpub/KluyverRPGBFKHG16.bib}, + year = {2016}, +} + +@Comment{jabref-meta: databaseType:biblatex;} diff --git a/ma/safety_reset.pdf b/ma/safety_reset.pdf deleted file mode 100644 index 79882ce..0000000 Binary files a/ma/safety_reset.pdf and /dev/null differ diff --git a/ma/safety_reset.pdf b/ma/safety_reset.pdf new file mode 120000 index 0000000..f1871b3 --- /dev/null +++ b/ma/safety_reset.pdf @@ -0,0 +1 @@ +/mnt/c/Users/jaseg/shared/safety_reset.pdf \ No newline at end of file diff --git a/ma/safety_reset.tex b/ma/safety_reset.tex index 5a256af..154fbda 100644 --- a/ma/safety_reset.tex +++ b/ma/safety_reset.tex @@ -20,8 +20,12 @@ \usepackage{multirow} \usepackage{multicol} \usepackage{tikz} +\usepackage{mathtools} +\DeclarePairedDelimiter{\ceil}{\lceil}{\rceil} +\DeclarePairedDelimiter{\paren}{(}{)} \usetikzlibrary{arrows} +\usetikzlibrary{chains} \usetikzlibrary{backgrounds} \usetikzlibrary{calc} \usetikzlibrary{decorations.markings} 
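Review bot: `lamport02` has `date = {19}` next to `year = {1979}`; under the biblatex data model this file declares in its `jabref-meta` comment, `date` takes precedence over `year`, so biber will presumably either reject the truncated date or render a wrong year, and the line should be dropped or completed to `date = {1979},`. The report identifier is also folded into `institution = {Technical Report CSL-98, SRI International}`; `institution = {SRI International},` with `number = {CSL-98},` lets the `@TechReport` driver format it. `kundur01` carries both `date = {1994}` and `year = {1994}`, which is redundant rather than wrong. `virtanen01` stores a resolver URL in `doi = {https://doi.org/10.1038/s41592-019-0686-2}`, which biblatex prefixes again when building the link; the bare `doi = {10.1038/s41592-019-0686-2},` is what the formatter expects.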
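Review bot: The new `safety_reset.pdf` is a symlink to `/mnt/c/Users/jaseg/shared/safety_reset.pdf`, an absolute path on one author's machine, so on any other checkout the link dangles and the Makefile's `%.pdf` rule will presumably fail when `pdflatex` tries to write through it. Build output does not need to be tracked at all; ignoring `*.pdf` in `ma/` and copying the result to the shared folder from a separate target (or a local, untracked symlink) keeps the tree portable and avoids committing a local filesystem path.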
@@ -42,7 +46,7 @@ \usepackage[underline=false]{pgf-umlsd} \usetikzlibrary{calc} %\usepackage[pdftex]{graphicx,color} -%\usepackage{epstopdf} +\usepackage{epstopdf} % Needed for murks.tex \usepackage{setspace} \usepackage[draft=false,babel,tracking=true,kerning=true,spacing=true]{microtype} % optischer Randausgleich etc. @@ -56,15 +60,15 @@ % Beispielhafte Nutzung der Vorlage für die Titelseite (bitte anpassen): \input{murks} -\titel{FIXME} % Titel der Arbeit -\typ{Masterarbeit} % Typ der Arbeit: Diplomarbeit, Masterarbeit, Bachelorarbeit -\grad{Master of Science (M. Sc.)} % erreichter Akademischer Grad -% z.B.: Master of Science (M. Sc.), Master of Education (M. Ed.), Bachelor of Science (B. Sc.), Bachelor of Arts (B. A.), Diplominformatikerin +\titelen{A Post-Attack Recovery Architecture for Smart Electricity Meters} +\titelde{Eine Architektur zur Kontrollwiederherstellung nach Angriffen auf Smart Metering in Stromnetzen} +\typ{Masterarbeit} +\grad{Master of Science (M. Sc.)} \autor{Jan Sebastian Götte} -\gebdatum{Aus datenschutzrechtlichen Gründen nicht abgedruckt} % Geburtsdatum des Autors -\gebort{Aus datenschutzrechtlichen Gründen nicht abgedruckt} % Geburtsort des Autors -\gutachter{Prof. Dr. Björn Scheuermann}{FIXME} % Erst- und Zweitgutachter der Arbeit -\mitverteidigung % entfernen, falls keine Verteidigung erfolgt +\gebdatum{Aus Datenschutzgründen nicht abgedruckt} % Geburtsdatum des Autors +\gebort{Aus Datenschutzgründen nicht abgedruckt} % Geburtsort des Autors +\gutachter{Prof. Dr. Björn Scheuermann}{Prof. Dr.-Ing. Eckhard Grass} +\mitverteidigung % entfernen, falls keine Verteidigung erfolgt %FIXME \makeTitel \selbstaendigkeitserklaerung{31.03.2020} \newpage 
@@ -99,13 +103,13 @@ Smart meters usually are built around a standard microcontroller. \label{sm-cpu} \section{Regulatory frameworks around the world} \subsection{International standards} -\subsection{Regulations in Europe} -\subsection{The regulatory situation in Germany} -\subsection{The regulatory situation in France} -\subsection{The regulatory situation in the UK} -\subsection{The regulatory situation in Italy} -\subsection{The regulatory situation in northern America} -\subsection{The regulatory situation in Japan} +\subsection{The regulatory situation in selected countries} +\subsubsection{Germany} +\subsubsection{France} +\subsubsection{the UK} +\subsubsection{Italy} +\subsubsection{Northern America} +\subsubsection{Japan} \subsection{Common themes} \section{Security in smart grids} @@ -213,7 +217,7 @@ Communication channel attacks are attacks on the communication links between sma attacks on IP-connected parts of the core network or attacks on shared busses between smart meters and IP gateways in substations. Generally, these attacks can be mitigated by securing the aforementioned communication links using modern cryptography. IP links can be protected using TLS, and more low-level busses can be protected using more lightweight -Noise-based protocols. % FIXME cite +Noise\cite{perrin01}-based protocols. Cryptographic security transforms an attackers ability to manipulate communication contents into a mere denial of service attack. Thus, in addition to cryptographic security safety under DoS conditions must be ensured to ensure continued system performance under attacks. This safety property is identical with the safety required to withstand 
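Review bot: `\subsubsection{the UK}` is the only new heading in the hunk that starts lowercase, next to `\subsubsection{Germany}` and `\subsubsection{Northern America}`; it should read `\subsubsection{The UK}` so the headings and the table of contents are consistent. Whether `Northern America` is intended to mean something broader than the usual `North America` is not clear from the heading alone; if not, the conventional term reads better.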
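Review bot: In the `@@ -213,7 +217,7 @@` hunk the citation is spliced into the middle of a hyphenated word, `Noise\cite{perrin01}-based protocols.`, which typesets the bracketed reference between `Noise` and `-based` and permits a line break inside the term. Attaching it after the noun phrase with a non-breaking space, `Noise-based protocols~\cite{perrin01}.`, is the conventional form and matches how the rest of the file places `\cite`.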
@@ -452,7 +456,7 @@ Microcontrollers have gained enormously in both performance/efficiency as well a gains have largely been driven by insatiable customer demand for faster, more powerful chips and for a long time security has not been considered important outside of some specific niches such as smartcards. Traditionally a microcontroller would spend its entire lifetime without ever being exposed to any networks. Though this trend has been -reversing with the increasing adoption of internet-of-things things % FIXME is this pun ok? +reversing with the increasing adoption of internet-of-things things and more advanced security features have started appearing in general-purpose microcontrollers, most still lack even basic functionality found in processors for computers or smartphones. 
@@ -470,41 +474,528 @@ simple to reduce attack surface there. \subsection{Safety vs. Security: Opting for restoration instead of prevention} -\subsection{Technical outline of a safety reset} +\subsection{Technical outline of a safety reset system} \section{Communication channels on the grid} -\subsection{Powerline communication systems and their use} + +There is a number of well-established technologies for communication on or along power lines. We can distinguish three +basic system categories: Systems using separate wires (such as DSL over landline telephone wiring), wireless radio +systems (such as LTE) and \emph{powerline communication} (PLC) systems that re-use the existing mains wiring and +superimpose data transmissions on the 50 Hz mains sine\cite{gungor01,kabalci01}. + +For our scenario, we will ignore short-range communication systems. There exists a large number of \emph{wideband} +powerline communication systems that are popular with consumers for bridging ethernet between parts of an apartment or +house. These systems transmit at up to several hundred megabits over distances up to several tens of +meters\cite{kabalci01}. Technologically, these wideband PLC systems are very different from \emph{narrowband} systems +used by utilities for load management among other applications and they are not relevant to our analysis. + +\subsection{Powerline communication (PLC) systems and their use} +In long-distance communications for applications such as load management, PLC systems are attractive since they allow +re-using the existing wiring infrastructure and have been used as early as in the 1930s\cite{hovi01}. Narrowband PLC +systems are a potentially low-cost solution to the problem of transmitting data at small bandwidth over distances of +several hundred meters up to tens of kilometers. + +Narrowband PLC systems transmit on the order of kilobits per second or slower. A common use of this sort of system are +\emph{ripple control} systems. 
These systems superimpose a low-frequency signal at some few hundred Hertz carrier +frequency on top of the 50Hz mains sine. This low-frequency signal is used to encode switching commands for +non-essential residential or industrial loads. Ripple control systems provide utilities with the ability to actively +control demand while promising small savings in electricity cost to consumers\cite{dzung01}. + +In any PLC system there is a strict tradeoff between bandwidth, power and distance. Higher bandwidth requires higher +power and reduces maximum transmission distance. Where ripple control systems usually use few transmitters to cover +the entire grid of a regional distribution utility, higher-bandwidth bidirectional systems used for automatic meter +reading (AMR) in places such as italy or france require repeaters within a few hundred meters of a transmitter. + +\subsection{Landline and wireless IP-based systems} +Especially in automated meter reading (AMR) infrastructure the cost-benefit tradeoff of powerline systems does not +always work out for utilities. A common alternative in these systems is to use the public internet for communication. +Using the public internet has the advantage of low initial investment on the part of the utility company as well as +quick commissioning. Disadvantages compared to a PLC system are potentially higher operational costs due to recurring +fees to network providers as well as lower reliability. Being integrated into power grid infrastructure, a PLC system's +failure modes are highly correlated with the overall grid. Put briefly, if the PLC interface is down, there is a good +chance that power is out, too. In contrast to this general internet services exhibit a multitude of failures that are +entirely decorrelated from power grid stability. + +For purposes such as meter reading for billing purposes, this stability is sufficient. 
However for systems that need to +hold up in crisis situations such as the recovery system we are contemplating in this thesis, the public internet may +not provide sufficient reliability. + \subsection{Proprietary wireless systems} -\subsection{Landline IP} -\subsection{IP-based wireless systems} +% FIXME + \subsection{Frequency modulation as a communication channel} -For our system, we chose grid frequency modulation (henceforth GFC) as a low-bandwidth uni-directional communications channel. -Compared to traditional PLC GFC requires no additional hardware, works reliably throughout the grid and is harder to -manipulate by a malicious actor. -% FIXME \cite{urtasun01} +For our system, we chose grid frequency modulation (henceforth GFM) as a low-bandwidth uni-directional broadcast +communications channel. Compared to traditional PLC GFM requires only a small amount of additional hardware, works +reliably throughout the grid and is harder to manipulate by a malicious actor. + +Grid frequency in europe's synchronous areas is nominally 50 Hertz, but there are small load-dependent variations from +this nominal value. Any device connected to the power grid (or even just within physical proximity of power wiring) can +reliably and accurately measure grid frequency at low hardware overhead. By intentionally modifying grid frequency, we +can create a very low-bandwidth broadcast communication channel. Grid frequency modulation has only ever been proposed +as a communications channel at very small scales in microgrids before\cite{urtasun01} but to our knowledge has not yet +been considered for large-scale application. + +Advantages of using grid frequency for communication are low receiver hardware complexity as well as the fact that a +single transmitter can cover an entire synchronous area. 
Though the transmitter has to be very large and powerful, setup +of a single large transmitter faces lower bureaucratic hurdles than integration of hundreds of smaller ones into +hundreds of local systems each with autonomous goverance. \subsubsection{The frequency dependance of grid frequency} +% FIXME find a solid citation on this + \subsubsection{Control systems coupled to grid frequency} + \subsubsection{Avoiding dangerous modes} + +Modern power systems are complex electromechanical systems. Each component is controlled by several carefully tuned +feedback loops to ensure voltage, load and frequency regulation. Multiple components are coupled through transmission +lines that themselves exhibit complex dynamic behavior. The overall system is generally stable, but may exhbit some +instabilities to particular small-signal stimuli. These instabilities, called \emph{modes} occur when due to mis-tuning +of parameters or physical constraints the overall system exhibits oscillation at particular frequencies. +\textcite{kundur01} splits these into four categories: + +\begin{description} + \item[Local modes] where a single power station oscillates in some parameter + \item[Interarea modes] where subsections of the overall grid oscillate w.r.t.\ each other due to weak coupling + between them + \item[Control modes] caused by imperfectly tuned control systems + \item[Torsional modes] that originate from electromechanical oscillations in the generator itself +\end{description} + +The oscillation frequencies associated with each of these modes are usually between a few tens of Millihertz and a few +Hertz, see for example \textcite{grebe01} and \textcite{entsoe01}. It is hard to predict the particular modes of a +power system at the scale of the central-european interconnected system. Theoretical analysis and simulation may give +rough indications but cannot yield conclusive results. 
Due to the obvious danger as well as high economical impact due +to inefficiencies experimental measurements are infeasible. Finally, modes are highly dependent on the power grid's +structure and will change with changes in the power grid over time. For all of these reasons, a grid frequency +modulation system must be designed very conservatively without relying on the absence (or presence) of modes at +particular frequencies. A concrete design guideline that we can derive from this situation is that the frequency +spectrum of any grid frequency modulation system should not exhibit any notable peaks and should avoid a concentration +of spectral energy in certain frequency ranges. On the one hand this rules out some modulation schemes. On the other +hand it provides us with a useful pointer towards those techniques that might work well: Spread-spectrum techniques. By +employing spread-spectrum modulation we can produce an almost ideal frequency-domain behavior while at the same time +achieving some modulation gain, increasing system sensitivity. + +By using spread-spectrum techniques we can spread the energy of our modulation over a maximum in +bandwidth\cite{goiser01}. The coding gain spread-spectrum techniques yield potentially allows for a weaker excitation, +thereby allowing further reduction of the probability of disturbance to the overall system. Spread-spectrum techniques +also inherently allow a tradeoff between receiver sensitivity and data rate which is a highly useful parameter to have +for the overall system design. 
+ \subsubsection{Overall system parameters} \subsubsection{An outline of practical implementation} \section{From grid frequency to a reliable communications channel} \subsection{Channel properties} + + \subsection{Modulation and its parameters} + + \subsection{Error-correcting codes} + + \subsection{Cryptographic security} +Informally the system we are looking for can be modelled as consisting of three parties: The trusted +\textsc{Transmitter}, one of a large number of untrusted \textsc{Receivers}, and an \textsc{Attacker} according to the +following rules: + +\begin{enumerate} + \item \textsc{Transmitter} and \textsc{Attacker} can both transmit any bit sequence + \item \textsc{Receiver} receives any transmission by either \textsc{Transmitter} or \textsc{Attacker} but cannot + distinguish between the two on the signal level + \item \textsc{Attacker} knows anything a \textsc{Receiver} might know + \item \textsc{Transmitter} is stronger than \textsc{Attacker} and will ``win'' in simultaneous transmission + \item Both \textsc{Transmitter} and \textsc{Receiver} can be seeded with some information on each other such as + public key fingerprints. +\end{enumerate} + +We are not interested in congestion scenarios where an attacker attempts to disrupt an ongoing transmission by the +transmitter. In practice there are several avenues to prevent such attempts including the following. Compromised loads +that are being abused by the attacker can be manually disconnected by the utility. Error-correcting codes can be used to +provide resiliency against small-scale disturbances. Finally, the transmitter can be designed to have high enough power +to be able to override any likely attacker. 
+ +Our goal is to find a cryptographic primitive that has the following properties: +\begin{enumerate} + \item \textsc{Transmitter} can produce a transmission bit sequence $\mathbf{s}$ (or equivalently a set of such + sequences) that \textsc{Receiver} can uniquely identify as being generated by \textsc{Transmitter}: + $\mathcal{R}\left(\mathbf{s}\right) = 1$. Upon reception of this sequence, \textsc{Receiver} performs the safety + reset. + \item \textsc{Attacker} cannot forge $\mathbf{s}$, that is find $\mathbf{s}'$ such that + $\mathbf{s} \neq \mathbf{s}' \land \mathcal{R}\left(\mathbf{s}'\right) = 1$ + \item Our system conforms to an at-most-once semantic. That is, upon transmission of a valid bit sequence coded for + a particular \textsc{Receiver} or set of receivers each one either performs exactly one safety reset or none at + all. We cannot achieve an exactly-once semantic since we are using an unidirectional lossy communication + primitive. More coloquially, \textsc{Receiver} might be offline due to a localized power outage and might thus + not hear \textsc{Transmitter} even if our broadcast primitive is reliable. The practical impact of this + limitation can be mitigated by transmitter simply repeating itself until the desired effect has been achieved. +\end{enumerate} + +An important limitation from the rules of our setup above is that \textsc{Attacker} can always record the bit sequence +\textsc{Transmitter} transmits and replay that same sequence later. Before considering any cryptographic approaches we +can make the preliminary observation that we can trivially prevent \textsc{Attacker} from violating the +at-most-once criterion by simply requiring \textsc{Receiver} to memorize all bit sequences that have been transmitted +thus far and only reacting to new bit sequences. 
This means an attacker might be able to cause offline receivers to +reset at a later point, but considering our goal is to reset them in the first place this would not pose a danger to the +system. +% FIXME elaborate why this is not a threat, and possible mitigations + +As it seems we need a cryptographic primitive that looks somewhat like a signature. Different from a signature however, +we have somewhat relaxed constraints here: While cryptographic signatures need to work over arbitrary inputs, all we +want to ``sign'' here is the instruction to perform a safety reset. Since this is the only message we might ever want to +transmit, our message space has only one entry and thus the informational content of our message is 0 bit! All the +information we want to transmit is already encoded \emph{in the fact that we are transmitting}, and we do not require +any further payload to be transmitted. This means we can omit the entirety of the message and just transmit whatever +``signature'' we produce. This is useful since we have to conserve transmission bits so our transmissions do not take +exceeedingly long time over our extremely slow communication channel. + +We could use any of several traditional asymmetric cryptographic primitives to produce these signatures. The +comparatively high computational effort required for signature verification would not be an issue. Transmissions take +several minutes anyway and we can afford to spend some tens of seconds even in signature verification. Transmission +length and by proxy system latency would be determined by the length of the signature. For RSA signature length is the +modulus length (i.e. larger than 1000 bit for even basic contemporary security). For elliptic curve-based systems +signature size is approximately twice the curve length (i.e. ~300 bit for contemporary security). 
However, we can do +better than this: We can exploit the strange nature of our setting that our effective message entropy is 0 bit to derive +a more efficient scheme. + +\subsubsection{Lamport signatures} + +In 1979, \textcite{lamport02} introduced a signature scheme that is based only on a one-way function such as a +cryptographic hash function. The basic observation is that by choosing a random secret input to a one-way function and +publishing the output, one can later prove knowledge of the input by simply publishing it. In the following paragraphs +we will describe a construction of a one-time signature scheme based on this observation. The scheme we describe is the +one usually called a ``Lamport Signature'' in modern literature and is slightly different from the variant described in +the 1979 paper, but for our purposes we can consider both to be equivalent. + +\paragraph{Setup.} In a Lamport signature, for an n-bit hash function $H$ the signer generates a private key $s = +\left(s_{b, i} | b\in\left\{0, 1\right\}, 0\le i] (input.south) -- (safety.north); + \draw[-] (safety.south) -- (safety-anchor); + \draw[->] (safety-anchor) -| (powersupply.north); + \draw[->] (safety-anchor) -| (analog.north); + \draw[->] (powersupply.south) |- (adc.west); + \draw[->] (powersupply.south) |- (micro.west); + \draw[->] (analog.south) -- (adc.north); + \draw[->] (adc.south) -- (micro.north); + \draw[->] (micro.south) -- (isol.north); + \draw[->] (isol.south) -- (usb.north); + + \draw[dashed] (isol.west) -- (isol-left.east); + \draw[dashed] (isol.east) -- (isol-right.west); + \end{tikzpicture} + \end{center} + \caption{Frequency sensor hardware diagram} + \label{fmeas-sens-diag} +\end{figure} + +An overall block diagram of our system is shown in fig. \ref{fmeas-sens-diag}. The mircrocontroller we chose is an +\texttt{STM32F030F4P6} ARM Cortex-M0 microcontroller made by ST Microelectronics. The ADC in fig. 
\ref{fmeas-sens-diag} +in our design is the integrated 12-bit ADC of this microcontroller, which is sufficient for our purposes. The USB +interface is a simple USB to serial converter IC (\texttt{CH340G}) and the galvanic digital isolation is accomplished +with a pair of high-speed optocouplers on its \texttt{RX} and \texttt{TX} lines. The analog signal processing is a +simple voltage divider using high-power resistors to get the required creepage along with some high-frequency filter +capacitors and an op-amp buffer. The power supply is an off-the-shelf mains-input power module. The system is +implemented on a single two-layer PCB that is housed in an off-the-shelf industrial plastic case fitted with a printed +label and a few status lights on its front. + +\subsection{Clock accuracy considerations} + +Our measurement hardware will sample line voltage at some sampling rate $f_S$, e.g.\ $1 \text{kHz}$. All downstream +processsing is limited in accuracy by the accuracy of $f_S$\footnote{ +We are not considering the effects of clock jitter. We are highly oversampling the signal and the FFT done in our +downstream processing will eliminate small jitter effects leaving only frequency stability to worry about. }. We +generate our sampling clock in hardware by clocking the ADC from one of the microcontroller's timer blocks clocked from +the microcontroller's system clock. This means our ADC's sampling window will be synchronized cycle-accurate to the +microcontroller's system clock. + +Our downstream measurement of mains frequency by nature is relative to our sampling frequency $f_S$. In the setup +described above this means we have to make sure our system clock is fairly stable. A frequency derivation of $1 +\text{ppm}$ in our system clock causes a proportional grid frequency measurement error of $\Delta f = f_\text{nom} \cdot +10^{-6} = 50 \mu\text{Hz}$. 
In a worst-case where our system is clocked from a particularly bad crystal that exhibits
+$100 \text{ppm}$ of instabilities over our measurement period we end up with an error of $5 \text{mHz}$. This is well
+within our target measurement range, so we need a more stable clock source. Ideally we want to avoid writing our own
+clock conditioning code where we try to change an oscillators operating frequency to match some reference. Clock
+conditioning algorithms are highly complex and in our case post-processing of measurement data and simply adding and
+offset is simpler and less error-prone.
+
+Our solution to these problems is to use a crystal oven\footnote{
+ A crystal oven is a crystal oscillator thermally coupled closely to a heater and temperature sensor and enclosed in
+ a thermally isolated case. The heater is controlled to hold the crystal oscillator at a near-constant temperature
+ some few ten degrees above ambient. Any ambient temperature variations will be absorbed by the temperature control.
+ This yields a crystal frequency that is almost completely unaffected by ambient temperature variations below the
+ oven temperature and whose main remaining instability is aging.
+}as our main system clock source. Crystal ovens are expensive compared to ordinary crystal oscillators. Since any
+crystal oven will be much more accurate than a standard room-temperature crystal we chose to reduce cost by using one
+recycled from old telecommunications equipment.
+
+To verify clock accuracy we routed an externally accessible SMA connector to a microcontroller pin that is routed to one
+of the microcontroller's timer inputs. By connecting a GPS 1pps signal to this pin and measuring its period we can
+calculate our system's Allan variance\footnote{
+ Allan variance is a measure of frequency stability between two clocks.
+}, thereby measuring both clock stability and clock accuracy. 
+We ran a 4 hour test of our frequency sensor that generated the histogram shown in figure \ref{ocxo_freq_stability}.
+These results show that while we get a systematic error of about $10 \text{ppm}$ due to manufacturing tolerances the
+random error at less than $10 \text{ppb}$ is smaller than that of a room-temperature crystal oscillator by 3-4 orders of
+magnitude. Since we are interested in grid frequency variations over time but not in the absolute value of grid
+frequency the systematic error is of no consequence to us. The random error at $3.66 \text{ppb}$ corresponds to a
+frequency measurement error of about $0.2 \mu\text{Hz}$, well below what we can achieve at reasonable sampling rates and
+ADC resolution.
+
+\begin{figure}
+ \centering
+ \includegraphics{../lab-windows/fig_out/ocxo_freq_stability}
+ \caption{OCXO Frequency derivation from nominal $19.440 \text{MHz}$ measured against GPS 1pps}
+ \label{ocxo_freq_stability}
+\end{figure}
+
+\subsection{Firmware implementation}
+
+The firmware uses one of the microcontroller's timers clocked from an external crystal oscillator to produce an $1
+\text{ms}$ tick that the internal ADC is triggered from for a sample rate of $1 \text{ksps}$. Higher sample rates would
+be possible but reliable data transmission over the opto-isolated serial interface might prove challenging and $1
+\text{ksps}$ corresponds to $20$ samples per cycle at $f_\text{nominal}$. This is $10\times$ nyquist and should be
+plenty for accurate measurements.
+
+The ADC measurements are read using DMA and written into a circular buffer. Using some DMA controller features this
+circular buffer is split in back and front halves with one being written to and the other being read at the same time.
+Buffer contents are moved from the ADC DMA buffer into a packet-based reliable UART interface as they come in. 
The UART
+packet interface keeps two ringbuffers: One byte-based ringbuffer for transmission data and one ringbuffer pointer
+structure that keeps track of ADC data packet boundaries in the byte-based ringbuffer. Every time a chunk of data is
+available from the ADC the data is framed into the byte-based ringbuffer and the packet boundaries are logged in the
+packet pointer ringbuffer. If the UART transmitter is idle at this time a DMA-backed transmission of the oldest packet
+in the packet ringbuffer is triggered at this point. Data is framed using Consistent Overhead Byte Stuffing
+(COBS)\footnote{
+COBS is a framing technique that allows encoding $n$ bytes of arbitray data into exactly $n+1$ bytes with no embedded
+$0$-bytes that can then be delimited using $0$-bytes. COBS is simple to implement and allows both one-pass decoding and
+encoding. The encoder either needs to be able to read up to $256 \text{bytes}$ ahead or needs a buffer of $256
+\text{bytes}$. COBS is very robust in that it allows self-synchronization. At any point a receiver can reliably
+synchronize itself against a COBS data stream by waiting for the next $0$-byte. The constant overhead allows precise
+bandwidth and buffer planning and provides constant, good efficiency close to the theoretical maximum.
+}\cite{cheshire01} along with a CRC-32 checksum for error checking. When the host receives a new packet with a
+valid checksum it returns an acknowledgement packet to the sensor. When the sensor receives the acknowledgement, the
+acknowledged packet is dropped from the transmission packet ringbuffer. When the host detects an incorrect checksum it
+simply stays quiet and waits for the sensor to resume with retransmission when the next ADC buffer has been received.
+
+% FIXME make actual error rate measurements
+
+The serial interface logic presents most of the complexity of the sensor firmware. This complexity is necessary since
+we need reliable, error-checked transmission to the host. 
Though rare, bit errors on a serial interface do happen and
+data corruption is unacceptable. The packet-layer queueing on the sensor is necessary since the host is not a realtime
+system and unpredictable latency spikes of several hundred milliseconds are possible.
+
+The host in our recording setup is a Raspberry Pi 3 model B running a Python script. The Python script handles serial
+communication and logs data and errors into an SQLite database file. SQLite has been chosen for its simple yet flexible
+interface and its good tolerance of system resets due to unexpected power loss.
+
 \subsection{Frequency sensor measurement results}
+Captured raw waveform data is processed in the Jupyter Lab environment\cite{kluyver01} and grid frequency estimates are
+extracted as described in sec. \ref{frequency_estimation} using the \textcite{gasior01} technique.
+
+% FIXME comparison against reference measurements?
+
 \section{Channel simulation and parameter validation}
+
 \section{Implementation of a demonstrator unit}
 \section{Experimental results}
-- cgit