From dc98ce4106c3481a1515c43d0d960bb1ea240359 Mon Sep 17 00:00:00 2001 From: jaseg Date: Mon, 6 Jul 2020 11:09:10 +0200 Subject: ma: finishing touches on conclusion, expand experiment results --- ma/safety_reset.tex | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) (limited to 'ma') diff --git a/ma/safety_reset.tex b/ma/safety_reset.tex index 3728adb..765dcad 100644 --- a/ma/safety_reset.tex +++ b/ma/safety_reset.tex 
@@ -2529,6 +2529,20 @@ experiment. We tried the demonstrator setup in Figure \ref{fig_proto_pic} using real-time. Our experiment went without any issues and the firmware implementation correctly reset the demonstrator's meter. We were happy to see that our extensive testing paid off: The demonstrator setup worked on its first try. +Our experiment consisted of the demonstrator prototype with the meter flashed with its factory firmware connected to a +microcontroller development board acting as the safety reset controller. The safety reset controller is connected to a +laptop's audio output through an adapter board. The laptop plays back an emulated grid voltage waveform that the safety +reset microcontroller measures and analyzes as it would when directly connected to the mains. When the microcontroller +receives a reset sequence that is a valid signature using a development key incorporated into its firmware through JTAG +it re-programs the smart meter with a modified firmware image that displays a success message on the meter's LCD. + +We used a signature truncated at 120 bit in our experiment. We chose a 5 bit DSSS sequence. Taking the sign bit into +account the length of the encoded signature is 20 DSSS symbols. On top of this we used Reed-Solomon error correction at +a 2:1 ratio inflating total message length to 30 DSSS symbols. At the \SI{1}{\second} chip rate we used in other +simulations as well this equates to an overall transmission duration of approximately \SI{15}{\minute}. To give the +demodulator some time to settle and to produce more realistic conditions of signal reception we padded the modulated +signal unmodulated noise on both ends. + \section{Lessons learned} Before settling on the commercial smart meter we first tried to use an \texttt{EVM430-F6779} smart meter evaluation kit 
@@ -2603,8 +2617,9 @@ Our literature study suggests that this is an appropriate first order approximat modulation bandwidth in our simulations inside a \SIrange{1000}{100}{\milli\hertz} frequency band that we reason is most likely to exhibit this linear behavior in practice. At lower frequencies primary control kicks in. With the frequency delta thresholds specified for primary control systems\cite{entsoe04} this would lead to significant non-linear -effects. At higher frequencies grid frequency estimation at the receiver becomes more complex. Higher frequencies also -come close to modes of mechanical oscillation in generators (usually at \SI{5}{\hertz} and above\cite{crastan03}). +effects. At higher frequencies grid frequency estimation at the receiver becomes more complex since the margins of the +FFT transform shrink. Higher frequencies also come close to modes of mechanical oscillation in generators that usually +lie at \SI{5}{\hertz} and above\cite{crastan03}. An analysis of the above concerns can be performed using dynamic grid simulation models\cite{semerow01,entsoe05}. Presumably out of security concerns these models are only available under non-disclosure agreements. Integrating 
@@ -2613,7 +2628,7 @@ challenge which is why we decided to leave this topic for a separate future work After detailed model simulation we ultimately aim to validate our results experimentally. Assuming linear grid behavior even under very small disturbances a small-scale experiment is an option. Such a small-scale experiment would require -very long integration times. Given a frequency characteristic of \SI{30}{\giga\watt\per\hertz} a stimulus of +very long integration times: Given a frequency characteristic of \SI{30}{\giga\watt\per\hertz} a stimulus of \SI{10}{\kilo\watt} yields $\Delta f = \SI{0.33}{\micro\hertz}$. At an estimated \SI{20}{\milli\hertz} of RMS noise over a bandwidth of interest this results in an SNR slightly better than \SI{-50}{\decibel}. The correlation time necessary to offset this with DSSS processing gain at a chip rate of \SI{1}{\baud} would be in the order of days. With such long 
@@ -2707,17 +2722,17 @@ elaborated the need for an out of band method to reset a meter's firmware due to complex firmware. To allow our system to be triggered even in the middle of a cyberattack we have developed a broadcast data transmission system based on intentional modulation of the global grid frequency. We have developed the theoretical foundations of the process based on an established model of inertial grid frequency response to load variations and -shown the viability of our end-to-end design through extensive simulations. To properly base these simulations we have -developed a grid frequency measurement methodology comprising of a custom-designed hardware device for electrically safe -data capture and a set of software tools to archive and process captured data. Our simulations show good behavior of our -broadcast communication system and give an indication that coöperating with a large consumer such as an aluminum -smelter would be a feasible way to set up a transmitter with very low hardware overhead. Based on our broadcast -primitive we have developed a cryptographic protocol ready for embedded implementation in resource-constrained systems -that allows triggering all or a selected subset of devices within a quick response time of less than 30 minutes. -Finally, we have experimentally validated our system using simulated grid frequency data in a demonstrator setup based -on a commercial microcontroller as our safety reset controller and an off-the-shelf smart meter. We have laid out a path -for further research and standardization related to our system. Our code and electronics designs are available at the -public repository listed on the second page of this document. +shown the viability of our end-to-end design through extensive simulations. 
To put these simulations on a solid +foundation we have developed a grid frequency measurement methodology comprising of a custom-designed hardware device +for electrically safe data capture and a set of software tools to archive and process captured data. Our simulations +show good behavior of our broadcast communication system and give an indication that coöperating with a large consumer +such as an aluminum smelter would be a feasible way to set up a transmitter with very low hardware overhead. Based on +our broadcast primitive we have developed a cryptographic protocol ready for embedded implementation in +resource-constrained systems that allows triggering all or a selected subset of devices within a quick response time of +less than 30 minutes. Finally, we have experimentally validated our system using simulated grid frequency data in a +demonstrator setup based on a commercial microcontroller as our safety reset controller and an off-the-shelf smart +meter. We have laid out a path for further research and standardization related to our system. Our code and electronics +designs are available at the public repository listed on the second page of this document. \newpage -- cgit
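Review bot: In the first added paragraph of the @@ -2529 hunk the sentence "When the microcontroller receives a reset sequence that is a valid signature using a development key incorporated into its firmware through JTAG it re-programs the smart meter..." leaves two things open: whether "through JTAG" describes how the key got into the firmware or how the meter is re-programmed, and whether the embedded development key is the public verification key or a private signing key. A signature is checked with a public key, so if only the verification key lives in the controller firmware, say so; if the development build embeds a signing key as well, say that too, because it changes what someone with access to the firmware image could learn. A reading that fixes the word order: "...a valid signature under the public development key embedded in its firmware, it re-programs the smart meter through JTAG with a modified firmware image...". In the second paragraph, "we padded the modulated signal unmodulated noise" is missing "with", and "Taking the sign bit into account" would be clearer as "each DSSS symbol carries 5 data bits plus a sign bit" if that is the encoding, so the reader can check 120 / 6 = 20 symbols and 20 * 3/2 = 30 after the 2:1 Reed-Solomon expansion. Finally, "\SI{1}{\second} chip rate" gives a chip period, not a rate; the unchanged context of the @@ -2613 hunk says "chip rate of \SI{1}{\baud}", so use one form consistently.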
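Review bot: "since the margins of the FFT transform shrink" in the @@ -2603 hunk does not name a quantity and so cannot support the claim that estimation becomes more complex; "FFT transform" also repeats "transform". State which quantity shrinks (for example, how many modulation periods fit in the FFT window at a given frequency resolution) or point to the section where the receiver's frequency estimator is described, and shorten to "the FFT". The rewrapped sentence on generator oscillation modes ("that usually lie at \SI{5}{\hertz} and above") reads fine.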
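Review bot: The period-to-colon change in the @@ -2613 hunk leaves the following clause capitalized ("integration times: Given a frequency characteristic..."); either lowercase "given" after the colon or keep the original period, so that punctuation matches the rest of the document.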
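Review bot: "comprising of" survives the rewrite of the conclusion in the @@ -2707 hunk ("...measurement methodology comprising of a custom-designed hardware device..."); it is ungrammatical, use "comprising" or "consisting of". The rest of the hunk is a reflow plus the improved opening "To put these simulations on a solid foundation". One consistency point worth a sentence: the conclusion claims a response time "of less than 30 minutes" while the new experiment paragraph reports a transmission of approximately 15 minutes for a 30-symbol message; stating in the conclusion that the demonstrator run used about half of that budget would tie the claim to the measured result instead of leaving the reader to connect the two paragraphs.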