Fast Sequence Component Analysis for Attack Detection in Synchrophasor Networks

Modern power systems have begun integrating synchrophasor technologies into part of daily operations. Given the amount of solutions offered and the maturity rate of application development it is not a matter of "if" but a matter of "when" in regards to these technologies becoming ubiquitous in control centers around the world. While the benefits are numerous, the functionality of operator-level applications can easily be nullified by injection of deceptive data signals disguised as genuine measurements. Such deceptive action is a common precursor to nefarious, often malicious activity. A correlation coefficient characterization and machine learning methodology are proposed to detect and identify injection of spoofed data signals. The proposed method utilizes statistical relationships intrinsic to power system parameters, which are quantified and presented. Several spoofing schemes have been developed to qualitatively and quantitatively demonstrate detection capabilities.Comment: 8 pages, 4 figures, submitted to IEEE Transaction

Defending Against Adversarial Attacks in Transmission- and Distribution-level PMU Data

Phasor measurement units (PMUs) provide high-fidelity data that improve situation awareness of electric power grid operations. PMU datastreams inform wide-area state estimation, monitor area control error, and facilitate event detection in real time. As PMU data become more available and increasingly reliable, these devices are found in new roles within control systems, such as remedial action schemes and early warning detection systems. As with other cyber physical systems, maintaining data integrity and security pose a significant challenge for power system operators. In this paper, we present a comprehensive analysis of multiple machine learning techniques to detect malicious data injection within PMU data streams. The two datasets used in this study come from two PMU networks: an inter-university, research-grade distribution network spanning three institutions in the U.S. Pacific Northwest, and a utility transmission network from the Bonneville Power Administration. We implement the detection algorithms with TensorFlow, an open-source software library for machine learning, and the results demonstrate potential for distributing the training workload and achieving higher performance, while maintaining effectiveness in the detection of spoofed data.Comment: 9 pages, 2 figure

Undetectable Timing-Attack on Linear State-Estimation by Using Rank-1 Approximation

Smart-grid applications based on synchrophasor measurements have recently been shown to be vulnerable to timing attacks. A fundamental question is whether timing attacks could remain undetected by bad-data detection algorithms used in conjunction with state-of-the-art situational-awareness state estimators. In this paper, we analyze the detectability of timing attacks on linear state-estimation. We show that it is possible to forge delay attacks that are undetectable. We give a closed form for an undetectable attack; it imposes two phase offsets to two or more synchrophasor-based measurement units that can be translated to synchrophasors’ time delays. We also propose different methods for combining two-delays attacks to produce a larger impact. We simulate the attacks on a benchmark power- transmission grid, we show that they are successful and can lead to physical grid damage. To prove undetectability, we use classic bad-data detection techniques such as the largest normalized residual and the χ2-test

Improvement in the management of cryptographic keys in a HSM and proposal of an Outdoor Position Certification Authority

2017 - 2018The following doctoral thesis comprises two distinct sections, both describing a specific applied research concerning the macro-theme of computer security. The first section describes a proposal for the improvement and optimization of the storage space required for the management of cryptographic keys within a Hardware Security Module (HSM), whereas the second section outlines the design of an Outdoor Position Certification Authority (OPCA), a distributed client-server architecture aimed for the validation and certification of the positioning of a mobile device. A Hardware Security Module is a special device designed for cryptographic operations and cryptographic keys management. The latter keys are stored into the HSM and never exposed outside the device. All the operations carried out through the keys are performed inside the HSM so the operations result is indeed the only external outcome produced by the HSM. In order for the HSM to store all the keys that have to be managed, plenty of storage space is required. The biggest data centres, handling millions of cryptographic keys, need to host a large number of HSMs. The related costs are proportional to the number of HSMs used. These costs include: hardware, energy consumption, network hosting, network speed, management, etc. In this thesis, there can be found two methods to save the space useful for the storage of the keys in a HSM, so to reduce the number of HSMs needed and all related costs. While reducing costs on storage, expenses related to computation time will increase. The outlined Outdoor Position Certification Authority represents the project and design of a certification authority whose purpose is to certify the positioning of a mobile device equipped with a GNSS (Global Navigation Satellite System) receiver. In general, a GNSS receiver is capable of acquiring radio signals (lowlevel data) and navigation messages (high-level data) in the outdoor environments coming from different constellations of global/regional satellite navigation systems and satellite-based augmentation system (SBAS). To date, these data are not reliable from a security point of view, because they can be easily forged by malicious attackers through specialized spoofing techniques. An OPCA defines a client/server architecture through which a user can certify his position by sending to one or more remote servers the geo-localization information required for its verification. Once the truthfulness and reliability of the data received have been verified, the OPCA will issue and then send to the client a digitally signed document having legal force and certifying the position of the user in a given moment. The use of this service will concern different and multiple scenarios and the devices requiring it will extensively grow in number thanks to the spread of the Internet of Things (IoT). Here are some possible scenarios: remote digital signing of a document for users located in a specific place; certification of the geographical position of a user in a given moment; certification of geographical position related to the delivery of valuable goods; certification of geographical position in case of critical events, such as rescue operations, police actions, etc. The first section of this thesis has been carried out based on two scientific publications. The first one, entitled “Reducing Costs in HSM-Based Data Centres”, is a conference publication presented during the “International Conference on Green, Pervasive, and Cloud Computing 2017 (GPC 2017) at Cetara (SA)”. This paper offers a first experimental evaluation of what will be found in the next pages and referred to as “Enhanced HSM (EHSM)”. The second paper is a journal version, published in the “Journal of High Speed Networks (JHSN) - IOS Press”. In this publication, an alternative approach has been illustrated in relation to the issue of space storage in the key management of a HSM. The second section of the thesis is based on an International Patent registered at the European Patent Organization (EPO), its official number being EP 18724344.9, and on a related paper, being completed, entitled “Design of an Outdoor Position Certification Authority”. [edited by author]XVII n.s. (XXXI ciclo