Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats

Mingkui Wei, Wenye Wang
Department of Electrical and Computer Engineering
North Carolina State University
Presented by Mingkui Wei
IEEE INFOCOM 2014

Outline
1. Problem Statement
2. Greenbench: the Cross Domain Benchmark
3. Data-Centric Attacks Simulation and Evaluation
4. Conclusion

1. Problem Statement

Cyber Security in Smart Grid
• Smart grid is susceptible to cyber attacks.
  – Smart grid is an integration of communication networks and power grid.
[Figure: Cyber Domain and Physical Domain]

Motivation
• Question 1
  – What is the result of a jamming attack? Delayed or dropped messages.
• Question 2
  – What is the result of a jamming attack in Smart Grid? ???
• DoS? DDoS? Worm? Virus? Trojan? ...
• Objective
  – How to evaluate physical impacts in smart grid?
  – What are the physical impacts caused by cyber attacks?

Approach
• How: Cross domain simulation
  – Physical experiment: economically infeasible; power system can't resist any disturbance
  – Theoretical modeling: difficult to capture system dynamics
• What: Data-centric threats
  – Attacks focus on manipulating transmitted data (meter reading, control message, etc.)
  – Covers most aspects of cyber threats
  – Distorted or delayed data brings detrimental impact. E.g., critical control message delay < 3ms (IEC61850)

2. Greenbench: the Cross Domain Benchmark
• Design Objectives & Challenges
• Greenbench Implementation

Design Objectives
• A cross-domain simulation platform which is:
  – Accurate: accurate power device model (PSCAD); accurate and standard communication protocols (OMNeT++)
  – Extensible: fits various system topologies; components can be added and removed with ease
  – Efficient: as little overhead as possible (no external components)

Design Challenges
• Synchronization
[Figure: the continuous simulator (PSCAD) advances along a time axis (1 to 11, ...) while the discrete event simulator (OMNeT++) advances from event to event]
• Data Exchange
[Figure: PSCAD transformer ("Voltage is 1kV"), OMNeT++ transformer controller ("I'll send it to CC"), control center]

Greenbench Implementation
• Distribution level micro-grid abstracted from real system.
• 17-bus, each bus connects renewable energy resources and loads.
[Figure: Greenbench topology. Labels: PHEV 1, PV 1 to PV 4, SST 1 to SST 4, Load2 to Load4, 12KV Bus, PHEV/SST/PV controllers (CTRL1 to CTRL4), FID CTRL3, MSG, Error, buffer files, Interactor, built-in OMNeT++]

3. Data-Centric Attacks Simulation and Evaluation
• Delayed Price Message
• Forged Load Reading Message
• Overheard and Modified Monitoring Message

Data Centric Threats Re-visit
• Eavesdropping / Forging (Confidentiality)
• Message modification (Integrity)
• Wireless jamming (Availability)

Delayed Price Message
• Jamming the price signal attack [Li'11]
  – Load consumption is based on price
[Figure: low price ($) and high price ($$$)]

Simulation Result
[Figure: Loads 11, 12, 13, 15, 16 and 17 behind the 69kV/12kV substation send connection requests through wireless aggregators 1 and 2 and a router to the control center and close at time T. Timestamps shown: T=0.50143932s, T=0.50177264s, T=0.50223222s, T=0.50317053s, T=0.50354882s, T=0.50479035s. Arrows show current / power flow.]

Observation
• It is not easy to impact system stability via compromised smart meters.
  – Difficult to manipulate many smart meters at the same time.
  – Milliseconds are long enough for the power grid to prepare for a sudden load change.

Forged Load Reading Message
• False Data Injection Attack [Liu'09]
  – Attacker is able to modify readings without being detected
• Load Redistribution Attack [Yuan'11]
  – Modify readings while keeping overall power consumption unchanged

Distorted Load Reading
[Figure: Loads 11, 12, 13, 15, 16 and 17 behind the 69kV/12kV substation, with Meter_10_11, Meter_10_15, Breaker_4, router and control center. Readings marked 70%, 55% and 85% (less, less power dispatched) and 145%, 115% and 130% (more, more power dispatched). More current flows, the current exceeds the threshold (253A @0.7s), and circuit breaker 4 (FID4) trips.]

Observation
• Modifying data is more dangerous than modifying actual power consumption
  – Modified data confuses the control center
  – Data-centric attacks are more dangerous than physical sabotage
• Protecting message authenticity is more important than protecting the smart meter
  – More effort on authenticating messages and detecting bad data

Overheard and Modified Message
[Figure: Loads 2, 3, 4, 11, 12, 13, 15, 16 and 17 behind the 69kV/12kV substation, with Meter_10_15, Breaker_3, Breaker_4, router, control center and attacker. Labels: Fault, Over Current, Overcurrent, Trip 4, Trip 3, circuit breaker 3 (FID3): circuit breaker tripped, circuit breaker 4 (FID4): current exceeds threshold, feeder melt down.]

Simulation Result
Fault propagates and causes cascading failure on other sections.

Observation
• Composite attack is much more dangerous than any single attack
• Extra effort on making combination harder
  – Different login/passwd on different devices (Trivial? NO!)
  – Hierarchical security policy

4. Conclusion

Conclusion
• We built Greenbench, the cross domain simulation platform for smart grid cyber security simulation and evaluation.
• Based on Greenbench, we used case studies to evaluate existing security issues and drew in-depth observations.

Thank you!

Implementation Challenges
• Synchronization
• Data Exchange
  – C/C++ interface and buffer files
[Figure: OMNeT++ control center and transformer controller (C++), PSCAD transformer (C), buffer files, V=110v]

Forged Load Reading Message
• False Data Injection Attack [Liu'09]
  – Attacker is able to modify readings without being detected
• Load Redistribution Attack [Yuan'11]
  – Modify readings while keeping overall power consumption unchanged (redistribution)
[Figure: readings X and Y with Σ=X+Y become X+Δ and Y-Δ, still with Σ=X+Y]
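The load redistribution slides above keep Σ=X+Y unchanged, which is why a control center that only checks the total sees nothing wrong. The following is an added example, not Greenbench code or anything from the authors: it applies the percentages from the "Distorted Load Reading" slide to constructed loads and compares an aggregate check with a per-feeder check. The 100 kW nominal load, the mapping of percentages to loads, the two-feeder grouping and the independent feeder-head measurements are all assumptions.

```python
# Added illustration of bad-data detection; not Greenbench code.
NOMINAL_KW = 100.0  # constructed: each load really draws 100 kW

# Assumption: loads 11-13 and 15-17 sit on two separate feeders.
FEEDERS = {"feeder_A": [11, 12, 13], "feeder_B": [15, 16, 17]}

# Percentages from the "Distorted Load Reading" slide, as multipliers.
# Which load carries which factor is an assumption.
FACTORS = {11: 0.85, 12: 0.55, 13: 0.70, 15: 1.45, 16: 1.15, 17: 1.30}


def true_readings():
    """Actual consumption per load (constructed)."""
    return {ld: NOMINAL_KW for loads in FEEDERS.values() for ld in loads}


def reported_readings(actual, factors):
    """Readings as the control center receives them after modification."""
    return {ld: kw * factors.get(ld, 1.0) for ld, kw in actual.items()}


def aggregate_check(reported, substation_kw, tol=0.02):
    """True if the reported total agrees with the substation measurement."""
    return abs(sum(reported.values()) - substation_kw) <= tol * substation_kw


def feeder_check(reported, feeder_kw, tol=0.02):
    """Feeders whose reported sum disagrees with the feeder-head measurement."""
    flagged = []
    for name, loads in FEEDERS.items():
        reported_sum = sum(reported[ld] for ld in loads)
        if abs(reported_sum - feeder_kw[name]) > tol * feeder_kw[name]:
            flagged.append(name)
    return flagged


def run(factors=FACTORS):
    actual = true_readings()
    reported = reported_readings(actual, factors)
    # Independent measurements taken at the substation and feeder heads.
    substation_kw = sum(actual.values())
    feeder_kw = {n: sum(actual[ld] for ld in lds) for n, lds in FEEDERS.items()}
    return aggregate_check(reported, substation_kw), feeder_check(reported, feeder_kw)


if __name__ == "__main__":
    print(run())
```

The six percentages sum to 600%, so the aggregate check passes, while each feeder's reported sum is 30% off its own measurement and is flagged.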