
    Design of Real-Time Simulation Testbed for Advanced Metering Infrastructure (AMI) Network

    Conventional power grids are being superseded by smart grids, which have smart meters as one of the key components. Currently, for smart metering communication, wireless technologies have predominantly replaced the traditional Power Line Communication (PLC). Different vendors manufacture smart meters using different wireless communication technologies. For example, some vendors use WiMAX, others prefer Low-Power Wireless Personal Area Networks (Lo-WPAN) for the Media Access Control (MAC) and physical layer of the smart meter network, also known as the Advanced Metering Infrastructure (AMI) network. Different communication techniques are used in various components of an AMI network. Thus, it is essential to create a testbed to evaluate the performance of a new wireless technology or a novel protocol for the network. It is risky to study cyber-security threats in an operational network. Hence, a real-time simulation testbed is considered as a substitute to capture communication among cyber-physical subsystems. To design the communication part of our testbed, we explored a Cellular Internet of Things (CIoT) technology, Co-operative Ultra NarrowBand (C-UNB), for the physical and MAC layer of the Neighborhood Area Network (NAN) of the AMI. After successful evaluation of its performance in a SimPy Python simulator, we integrated a module into Network Simulator-3 (NS-3). As NS-3 provides a platform to incorporate real-time traffic into the AMI network, we can inject traffic from power simulators like the Real Time Digital Simulator (RTDS). Our testbed was used to make a comparative study of different wireless technologies such as IEEE 802.11ah, WiMAX, and Long Term Evolution (LTE). For the traffic, we used HTTP and the Constrained Application Protocol (CoAP), a widely used protocol in IoT. 
Additionally, we integrated the NS-3 module of the Device Language Message Specification - Companion Specification for Energy Metering (DLMS-COSEM), which follows the IEC 62056 standards for electricity metering data exchange. This module, which comprises the application and transport layers, works on top of the physical and MAC layers of the C-UNB module. Since wireless communication is prone to eavesdropping and information leakage, it is crucial to conduct security studies on these networks. Hence, we performed some cyber-attacks such as Denial of Service (DoS), Address Resolution Protocol (ARP) spoofing and Man-in-the-Middle (MiTM) attacks in the testbed, to analyze their impact on normal operation of the AMI network. Encryption techniques can alleviate the issue of data hijacking, but they make the network traffic invisible, which prevents conventional Intrusion Detection Systems (IDS) from undertaking packet-level inspection. Thus, we developed a Bayesian-based IDS for ARP spoof detection to prevent rogue smart meters from modifying genuine data or injecting false data. The proposed real-time simulation testbed is successfully utilized to perform delay and throughput analysis for the existing wireless technologies along with the evaluation of the novel features of the C-UNB module in NS-3. This module can be used to evaluate a broad range of traffic. Using the testbed we also validated our IDS for the ARP spoofing attack. This work can be further utilized by security researchers to study different cyber attacks in the AMI network and propose new attack prevention and detection solutions. Moreover, it can also allow wireless communication researchers to improve our C-UNB module for NS-3.
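The abstract above describes a Bayesian IDS that flags ARP replies from rogue meters. The following is an added example, not the thesis's detector: it tracks IP-to-MAC bindings on a segment and scores each ARP reply with a naive-Bayes posterior over three features (binding changed, reply with no matching request, gratuitous reply). The prior, the per-feature likelihoods, the `ArpEvent` shape and the sample traffic are all assumptions constructed for the demo, not values learned in the testbed.

```python
"""ARP-spoof scoring with a naive-Bayes posterior.

Added illustration, not the thesis's IDS: the priors and likelihoods below are
assumed values chosen for the demo, not parameters learned from testbed data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ArpEvent:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


# Assumed P(spoof) before seeing any evidence.
PRIOR_SPOOF = 0.05

# Assumed per-feature likelihoods: feature -> (P(f | spoof), P(f | benign)).
LIKELIHOOD = {
    "binding_changed":   (0.90, 0.02),  # sender IP now maps to a different MAC
    "unsolicited_reply": (0.80, 0.10),  # reply with no matching request seen
    "gratuitous":        (0.60, 0.05),  # reply announcing its own IP
}


class ArpSpoofDetector:
    """Tracks IP->MAC bindings on a segment and scores each ARP reply."""

    def __init__(self, threshold: float = 0.5) -> None:
        self.bindings: Dict[str, str] = {}   # ip -> MAC accepted as genuine
        self.pending = set()                 # IPs with an outstanding request
        self.threshold = threshold

    def _features(self, ev: ArpEvent) -> Dict[str, bool]:
        known = self.bindings.get(ev.sender_ip)
        return {
            "binding_changed": known is not None and known != ev.sender_mac,
            "unsolicited_reply": ev.sender_ip not in self.pending,
            "gratuitous": ev.sender_ip == ev.target_ip,
        }

    @staticmethod
    def posterior(feats: Dict[str, bool]) -> float:
        """P(spoof | features), assuming the features are conditionally independent."""
        p_spoof, p_benign = PRIOR_SPOOF, 1.0 - PRIOR_SPOOF
        for name, present in feats.items():
            l_spoof, l_benign = LIKELIHOOD[name]
            if present:
                p_spoof *= l_spoof
                p_benign *= l_benign
            else:
                p_spoof *= 1.0 - l_spoof
                p_benign *= 1.0 - l_benign
        return p_spoof / (p_spoof + p_benign)

    def observe(self, ev: ArpEvent) -> Optional[float]:
        """Return P(spoof) for a reply, or None for a request (which only updates state)."""
        if ev.op == "request":
            self.pending.add(ev.target_ip)
            return None
        post = self.posterior(self._features(ev))
        self.pending.discard(ev.sender_ip)
        # Learn the binding only from replies judged benign, so a spoofed
        # reply cannot overwrite the genuine mapping.
        if post < self.threshold:
            self.bindings[ev.sender_ip] = ev.sender_mac
        return post


# Constructed sample traffic: a genuine exchange followed by a rogue reply.
SAMPLE_EVENTS: List[ArpEvent] = [
    ArpEvent("request", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.20"),
    ArpEvent("reply", "10.0.0.20", "aa:aa:aa:aa:aa:20", "10.0.0.1"),  # real meter
    ArpEvent("reply", "10.0.0.20", "de:ad:be:ef:00:01", "10.0.0.1"),  # rogue meter
]


def score_events(events: List[ArpEvent] = SAMPLE_EVENTS,
                 threshold: float = 0.5) -> List[Optional[float]]:
    """Run the detector over a trace and return one posterior per event."""
    det = ArpSpoofDetector(threshold)
    return [det.observe(ev) for ev in events]


if __name__ == "__main__":
    for ev, score in zip(SAMPLE_EVENTS, score_events()):
        print(ev.op, ev.sender_ip, ev.sender_mac, "->", score)
```

The genuine reply scores well below the threshold and is learned as the binding; the rogue reply that then claims the same IP with a new MAC and no outstanding request scores near 0.89. Note the design choice of only learning bindings from replies already judged benign: without it, the first spoofed reply would poison the detector's own state, which is the same weakness that makes ARP caches spoofable in the first place.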

    PAPR analysis and channel estimation techniques for 3GPP LTE system

    High data rates and secure data communication have become an unavoidable need of every mobile user. 3G technology provided greater data speed and more secure networks compared to its predecessors 2G and 2.5G. The highest bit rates in commercially deployed wireless systems are achieved by means of Orthogonal Frequency Division Multiplexing (OFDM) [1]. The next advance in cellular systems, under investigation by the Third Generation Partnership Project (3GPP), also anticipates the adoption of OFDMA to achieve high data rates. But a modified form of OFDMA, i.e. SC-FDMA (Single Carrier FDMA), having similar throughput performance and essentially the same complexity, has been implemented as it has an edge over OFDMA with its lower PAPR (peak-to-average power ratio) [2]. SC-FDMA is currently a strong candidate for the uplink multiple access in the Long Term Evolution of cellular systems under consideration by the 3GPP. In our project we have worked on PAPR analysis of OFDMA, SC-FDMA and various other forms of SC-FDMA (with different subcarrier mappings). Though SC-FDMA has larger ISI, it has lower PAPR, which helps avoid the need for an efficient linear power amplifier. We have analyzed various modulation techniques, implemented various kinds of pulse shaping filters and compared the PAPR for IFDMA, DFDMA and LFDMA (kinds of SC-FDMA). Like other communication systems, in SC-FDMA we encounter many trade-offs between design parameters (such as roll-off factor) and performance. The project report also covers the channel estimation techniques implemented in OFDM systems. Due to multipath fading, the channel impulse response fluctuates for different subcarriers in different time slots. But with channel estimation, OFDM systems can use coherent detection instead of differential detection. For MIMO systems like OFDM, channel information is vital for diversity combining and interference suppression [3]. So we need to estimate the channel as accurately as possible. 
As we have taken a slow Rayleigh fading channel in our study, we used block-type pilot arrangement channel estimation, which uses the LS (least squares) and MMSE (minimum mean square error) estimators. Due to the higher complexity of the MMSE estimator, a modified MMSE is implemented where a trade-off is made with performance. Here we have compared various channel estimation techniques used in OFDM systems. There are various other adaptive estimation techniques like LMS and RLS for estimating blind channels, and comb-type pilot arrangement estimation techniques for fast fading channels.

    A Firewall Optimization for Threat-Resilient Micro-Segmentation in Power System Networks

    Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control system (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic security perimeter is needed, accomplished with firewalls. This paper presents how these electronic security perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large-scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.
    Comment: 12 pages, 22 figures

    Multi-Source Data Fusion for Cyberattack Detection in Power Systems

    Cyberattacks can cause a severe impact on power systems unless detected early. However, accurate and timely detection in critical infrastructure systems presents challenges, e.g., due to zero-day vulnerability exploitation and the cyber-physical nature of the system coupled with the need for high reliability and resilience of the physical system. Conventional rule-based and anomaly-based intrusion detection system (IDS) tools are insufficient for detecting zero-day cyber intrusions in industrial control system (ICS) networks. Hence, in this work, we show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives. Specifically, we present how to recognize and address the barriers that can prevent the accurate use of multiple data sources for fusion-based detection. We perform multi-source data fusion for training an IDS in a cyber-physical power system testbed, where we collect cyber- and physical-side data from multiple sensors emulating real-world data sources that would be found in a utility and synthesize these into features for algorithms to detect intrusions. Results are presented using the proposed data fusion application to infer False Data and Command Injection-based Man-in-The-Middle (MiTM) attacks. Post collection, the data fusion application uses a time-synchronized merge and extracts features, followed by pre-processing such as imputation and encoding, before training supervised, semi-supervised, and unsupervised learning models to evaluate the performance of the IDS. A major finding is the improvement of detection accuracy by fusion of features from the cyber, security, and physical domains. Additionally, we observed that the co-training technique performs on par with supervised learning methods when fed with our features.

    Addressing Uncertainty in Cyber-Physical Power Systems - Modeling to Integration in a Cyber-Physical Energy Management System

    Energy infrastructures are mission-critical cyber-physical systems that are targets of persistent cyber attacks. While introducing new computing technologies and networks in power systems adds new capabilities for monitoring and control, dealing with the vast quantity of diverse devices with unknown trustworthiness and origin that can connect to the network, and whose impact on operational reliability is also unknown, is a frightening prospect. The threat landscape today is extensive and constantly changing. Hence, to design resilient power systems it is essential to develop cyber-physical models that can provide a platform to study the impact of cyber threats in a large-scale interconnected grid as well as to propose a defense mechanism to operate them resiliently. This work proposes a synthetic communication network model for a synthetic electric grid, with the novel contribution of designing an optimized firewall model that follows the NERC CIP-005 standard. The proposed cyber model for the electric grid is validated through creation of a cyber-physical testbed, RESLab, which integrates multiple simulators, emulators and hardware devices to implement threat models targeting critical operations. A multi-sensor, multi-domain fusion methodology is proposed to integrate sensor data from physical, cyber and security emulators. Given the uncertainty and untrustworthiness of these sensors in the compromised state, the real-time data generated in the testbed is treated with a theory of uncertainty called the Dempster-Shafer Theory of Evidence, to improve the inferencing of intrusions for better detection. This approach improved the performance in comparison to the conventional supervised and semi-supervised learning techniques. But a major limitation of this approach is that it does not easily support utilization of existing domain knowledge. 
Hence, a Bayesian approach is undertaken for inferencing and learning the structure of a novel cyber attack model, called the Bayesian Attack Graph. The outcome of this approach is considered for risk assessment in Cyber-Physical Dynamic Situational Awareness, necessary for state estimation as well as the partially observable control problem. Controlling grid operations under uncertainty is another big challenge, which is currently addressed with various data-driven approaches from the machine learning community. In this work, we have developed an environment for building uncertain MDP models, called Partially Observable MDPs, for the power system cases and solve the control problem using Bayesian Reinforcement Learning that follows the principles of Bayesian inferencing. A challenge for the control problem is the selection of an appropriate metric to optimize, as resilience is time, situation, and state dependent. Hence, an adaptive resilience metric quantification mechanism using Inverse Reinforcement Learning is proposed that not only learns a resilience metric but improves the performance of learning an optimal policy for resilient control. The proposed algorithms for communication network modeling, inferencing under uncertainty, and integration with the testbed are validated by developing software applications and incorporating them with the CYPRES Energy Management System.

    Inferring adversarial behaviour in cyber‐physical power systems using a Bayesian attack graph approach

    Highly connected smart power systems are subject to increasing vulnerabilities and adversarial threats. Defenders need to proactively identify and defend new high-risk access paths of cyber intruders that target grid resilience. However, cyber-physical risk analysis and defense in power systems often requires making assumptions on adversary behaviour, and these assumptions can be wrong. Thus, this work examines the problem of inferring adversary behaviour in power systems to improve risk-based defense and detection. To achieve this, a Bayesian approach for inference of the Cyber-Adversarial Power System (Bayes-CAPS) is proposed that uses Bayesian networks (BNs) to define and solve the inference problem of adversarial movement in the grid infrastructure towards targets of physical impact. Specifically, BNs are used to compute conditional probabilities for queries, such as the probability of observing an event given a set of alerts. Bayes-CAPS builds initial Bayesian attack graphs for realistic power system cyber-physical models. These models are adaptable using collected data from the system under study. Then, Bayes-CAPS computes the posterior probabilities of the occurrence of a security breach event in power systems. Experiments are conducted that evaluate algorithms based on time complexity, accuracy and impact of evidence for different scales and densities of network. The performance is evaluated and compared for five realistic cyber-physical power system models of increasing size and complexity, ranging from 8 to 300 substations, based on computation and accuracy impacts.
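The query type described above, the posterior probability of a physical-impact event given a set of alerts, as an added example that is not the Bayes-CAPS code: a five-node Bayesian attack graph (phishing foothold, lateral movement, RTU access, an IDS alert, and a DNP3 write as the physical-impact target) with every conditional probability table assumed for the demo. Inference is exact enumeration over the unobserved nodes, which is fine here but scales exponentially with graph size, which is the computation-time concern the abstract raises for 300-substation models.

```python
"""Posterior probability of a physical-impact event on a tiny Bayesian attack graph.

Added illustration, not Bayes-CAPS itself: the five-node graph and every CPT
value below are assumed for the demo. Inference is exact enumeration, which is
only practical for small graphs.
"""
import itertools
from typing import Dict, List, Tuple

# Topologically ordered boolean nodes: each is "attacker has achieved this"
# except `alert`, which is an IDS observation.
NODES: List[str] = ["phish", "lateral", "rtu_access", "alert", "dnp3_write"]
PARENTS: Dict[str, List[str]] = {
    "phish": [],
    "lateral": ["phish"],
    "rtu_access": ["lateral"],
    "alert": ["rtu_access"],       # P(alert | rtu_access) = TPR, P(alert | no) = FPR
    "dnp3_write": ["rtu_access"],  # physical-impact target
}
# CPT: parent-value tuple -> P(node = True). All values assumed.
CPT: Dict[str, Dict[Tuple[bool, ...], float]] = {
    "phish": {(): 0.10},
    "lateral": {(True,): 0.60, (False,): 0.01},
    "rtu_access": {(True,): 0.50, (False,): 0.02},
    "alert": {(True,): 0.80, (False,): 0.05},
    "dnp3_write": {(True,): 0.70, (False,): 0.001},
}


def joint(assign: Dict[str, bool]) -> float:
    """Joint probability of a full assignment via the chain rule over NODES."""
    p = 1.0
    for n in NODES:
        p_true = CPT[n][tuple(assign[q] for q in PARENTS[n])]
        p *= p_true if assign[n] else 1.0 - p_true
    return p


def query(target: str, evidence: Dict[str, bool]) -> float:
    """P(target = True | evidence) by summing the joint over unobserved nodes."""
    free = [n for n in NODES if n not in evidence]
    num = den = 0.0
    for vals in itertools.product((True, False), repeat=len(free)):
        a = dict(evidence)
        a.update(zip(free, vals))
        p = joint(a)
        den += p
        if a[target]:
            num += p
    if den == 0.0:
        raise ValueError("evidence has zero probability under the model")
    return num / den


def risk_lift(target: str, evidence: Dict[str, bool]) -> Tuple[float, float]:
    """Prior and posterior of the target, to show what the evidence buys."""
    return query(target, {}), query(target, evidence)


if __name__ == "__main__":
    prior, post = risk_lift("dnp3_write", {"alert": True})
    print(f"P(dnp3_write)         = {prior:.4f}")
    print(f"P(dnp3_write | alert) = {post:.4f}")
    print(f"P(rtu_access | alert) = {query('rtu_access', {'alert': True}):.4f}")
```

With these assumed tables a single IDS alert moves the probability of a malicious DNP3 write from about 0.038 to about 0.33; the same `query` call answers the abstract's other question in reverse (how likely is RTU access given the alert), and adding more evidence is just more keys in the `evidence` dict.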

    Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

    False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed, which reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster-Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector's performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.
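The mass-function model and combination rules described above, as an added example that is not the paper's IDEA-I implementation: two classifiers (say one on the cyber side and one on the physical side) each emit P(attack), which is turned into a discounted simple-support mass over the two-element frame {attack, normal}, with the undiscounted remainder assigned to the whole frame. The conjunctive (Dempster), unnormalized conjunctive and disjunctive rules then fuse them, and belief, plausibility and the pignistic transform serve as decision functions. The frame, the scores and the reliability discounts are assumptions constructed for the demo; the cautious conjunctive rule and the GA-based feature selection from the abstract are not reproduced.

```python
"""Dempster-Shafer fusion of per-domain detector scores over {attack, normal}.

Added illustration, not the paper's IDEA-I code: the two classifier scores and
the reliability discounts used in the demo are constructed, not measured.
"""
from itertools import product
from typing import Dict, FrozenSet

Mass = Dict[FrozenSet[str], float]
ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # the frame of discernment


def mass_from_score(p_attack: float, reliability: float) -> Mass:
    """Discounted simple-support mass from a classifier's P(attack).

    Mass not backed by reliability goes to THETA, which is how "I do not fully
    trust this sensor" is expressed without inventing a probability for it.
    """
    if not (0.0 <= p_attack <= 1.0 and 0.0 <= reliability <= 1.0):
        raise ValueError("score and reliability must lie in [0, 1]")
    return {ATTACK: reliability * p_attack,
            NORMAL: reliability * (1.0 - p_attack),
            THETA: 1.0 - reliability}


def conjunctive(m1: Mass, m2: Mass, normalize: bool = True) -> Mass:
    """Conjunctive rule; with normalize=True this is Dempster's rule.

    The unnormalized variant keeps the conflict as mass on the empty set so a
    caller can see how strongly the two domains disagree.
    """
    out: Mass = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        c = a & b
        if c:
            out[c] = out.get(c, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if not normalize:
        out[frozenset()] = conflict
        return out
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict; cannot normalize")
    return {k: v / (1.0 - conflict) for k, v in out.items()}


def disjunctive(m1: Mass, m2: Mass) -> Mass:
    """Disjunctive rule: union of focal sets; cautious when a source may be wrong."""
    out: Mass = {}
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        c = a | b
        out[c] = out.get(c, 0.0) + ma * mb
    return out


def belief(m: Mass, hyp: FrozenSet[str]) -> float:
    """Bel(H): mass of non-empty focal sets entirely inside H."""
    return sum(v for k, v in m.items() if k and k <= hyp)


def plausibility(m: Mass, hyp: FrozenSet[str]) -> float:
    """Pl(H): mass of focal sets that intersect H."""
    return sum(v for k, v in m.items() if k & hyp)


def pignistic(m: Mass, element: str) -> float:
    """BetP: spread each focal set's mass evenly over its elements."""
    return sum(v / len(k) for k, v in m.items() if element in k)


def fuse_and_decide(cyber_score: float, cyber_rel: float,
                    phys_score: float, phys_rel: float) -> Dict[str, float]:
    """Fuse two domain detectors with Dempster's rule and return decision metrics."""
    m = conjunctive(mass_from_score(cyber_score, cyber_rel),
                    mass_from_score(phys_score, phys_rel))
    return {"bel_attack": belief(m, ATTACK),
            "pl_attack": plausibility(m, ATTACK),
            "betp_attack": pignistic(m, "attack")}


if __name__ == "__main__":
    # Constructed inputs: cyber-side IDS says 0.9 attack (80% trusted),
    # physical-side detector says 0.3 attack (60% trusted).
    print(fuse_and_decide(0.9, 0.8, 0.3, 0.6))
```

On these constructed inputs Dempster's rule yields m(attack) of about 0.66, m(normal) 0.22 and m(Θ) 0.12 after discarding conflict of about 0.32, so Bel(attack) is 0.66, Pl(attack) 0.78 and BetP(attack) 0.72: all three decision functions raise the alarm, but the gap between belief and plausibility makes the residual uncertainty explicit rather than hiding it in a single score. The disjunctive rule on the same inputs leaves most of the mass on Θ, which is the appropriate behaviour when one of the two sensors may be compromised, the situation the abstract's threat model is concerned with.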