1. Energy And Power Systems Simulated Attack Algorithm For Defense Testbed And Analysis
Ruttle, Zachary Andrew, 31 May 2023
The power grid has evolved over the course of many decades with the usage of cyber systems and communications such as Supervisory Control And Data Acquisition (SCADA); however, due to their connectivity to the internet, the cyber-power system can be infiltrated by malicious attackers. Encryption is not a singular solution. Currently, there are several cyber security measures in development, including those based on artificial intelligence. However, there is a need for a varying but consistent attack algorithm to serve as a testbed for these AI or other practices to be trained and tested. This is important because in the event of a real attacker, it is not possible to know exactly where they will attack and in what order. Therefore, the proposed method in this thesis is to use criminology concepts and fuzzy logic inference to create this algorithm and determine its effectiveness in making decisions on a cyber-physical system model. The method takes various characteristics of the attacker as an input, builds their ideal target node, and then compares the nodes to the high-impact target and chooses one as the goal. Based on that target and their knowledge, the attackers will attack nodes if they have resources. The results show that the proposed method can be used to create a variety of attacks with varying damaging effects, and one other set of tests shows the possibility for multiple attacks, such as denial of service and false data injection. The proposed method has been validated using an extended cyber-physical IEEE 13-node distribution system and sensitivity tests to ensure that the ruleset created would take each of the inputs well.

/ Master of Science /

Over the last decades, information and communications technology has become more commonplace for electric power and energy systems around the world. As a result, it has attracted hackers to take advantage of the cyber vulnerabilities to attack critical systems and cause damage, e.g., the critical infrastructure for electric energy. The power grid is a wide-area, distributed infrastructure with numerous power plants, substations, transmission and distribution lines as well as customer facilities. For operation and control, the power grid needs to acquire measurements from substations and send control commands from the control center to substations. The cyber-physical system has its vulnerabilities that can be exploited by hackers to launch falsified measurements or commands. Much research is concerned with how to detect and mitigate cyber threats. These methods are used to determine if an attack is occurring, and, if so, what to do about it. However, for these techniques to work properly, there must be a way to test how the defense will understand the purpose and target of an actual attack, which is where the proposed modeling and simulation method for an attacker comes in. Using a set of values for their resources, motivation and other characteristics, the defense algorithm determines what the attacker's best target would be, and then finds the closest point on the power grid that they can attack. While there are still resources remaining based on the initial value, the attacker will keep choosing places and then execute the attack. From the results, these input characteristic values for the attacker can affect the decisions the attacker makes, and the damage to the system is reflected by the values too. This is tested by looking at the results for the high-impact nodes for each input value, and seeing what came out of it. This shows that it is possible to model an attacker for testing purposes on a simulation.

2. Electromagnetic Interference Attacks on Cyber-Physical Systems: Theory, Demonstration, and Defense
Dayanikli, Gokcen Yilmaz, 27 August 2021
A cyber-physical system (CPS) is a complex integration of hardware and software components to perform well-defined tasks. Up to this point, many software-based attacks targeting the network and computation layers have been reported by researchers. However, physical-layer attacks that utilize natural phenomena (e.g., electromagnetic waves) to manipulate safety-critical signals such as analog sensor outputs, digital data, and actuation signals have recently attracted attention. The purpose of this dissertation is to detect the weaknesses of cyber-physical systems against low-power Intentional Electromagnetic Interference (IEMI) attacks and provide hardware-level countermeasures.
Actuators are irreplaceable components of electronic systems that control the physically moving sections, e.g., servo motors that control robot arms. In Chapter 2, the potential effects of IEMI attacks on actuation control are presented. The Pulse Width Modulation (PWM) signal, which is the industry standard for actuation control, is observed to be vulnerable to IEMI with specific frequency and modulated waveforms. Additionally, an advanced attacker with limited information about the victim can prevent the actuation, e.g., stop the rotation of a DC or servo motor. For some specific actuator models, the attacker can even take control of the actuators and consequently the motion of the CPS, e.g., the flight trajectory of a UAV. The attacks are demonstrated on a fixed-wing unmanned aerial vehicle (UAV) during varying flight scenarios, and it is observed that the attacker can block or take control of the flight surfaces (e.g., aileron), which results in a crash of the UAV or a controllable change in its trajectory, respectively.
Serial communication protocols such as UART or SPI are widely employed in electronic systems to establish communication between peripherals (e.g., sensors) and controllers. It is observed that an adversary with the reported three-phase attack mechanism can replace the original victim data with the 'desired' false data. In the detection phase, the attacker listens to the EM leakage of the victim system. In the signal processing phase, the exact timing of the victim data is determined from the victim EM leakage, and in the transmission phase, the radiated attack waveform replaces the original data with the 'desired' false data. The attack waveform is a narrowband signal at the victim baud rate, and in a proof-of-concept demonstration, the attacks are observed to be over 98% effective at inducing a desired bit sequence into pseudorandom UART frames. Countermeasures such as twisted cables are discussed and experimentally validated in high-IEMI scenarios.
In Chapter 4, a state-of-the-art electric vehicle (EV) charger is assessed in IEMI attack scenarios, and it is observed that an attacker can use low-cost RF components to inject false current or voltage sensor readings into the system. The manipulated sensor data results in a drastic increase in the current supplied to the EV, which can easily result in physical damage due to thermal runaway of the batteries. The current switches, which control the output current of the EV charger, can be controlled (i.e., turned on) by relatively high-power IEMI, which gives the attacker direct control of the current supplied to the EV.
The attacks on UAVs, communication systems, and EV chargers show that additional hardware countermeasures should be added to the state-of-the-art system design to alleviate the effect of IEMI attacks. Fiber-optic transmission and low-frequency magnetic field shielding can be used to transmit 'significant signals', or the PCB-level countermeasures reported in Chapter 5 can be utilized.

/ Doctor of Philosophy /

The secure operation of an electronic system depends on the integrity of the signals transmitted from/to components like sensors, actuators, and controllers. Adversaries frequently aim to block or manipulate the information carried in sensor and actuation signals to disrupt the operation of the victim system with physical phenomena, e.g., infrared light or acoustic waves. In this dissertation, it is shown that low-power electromagnetic (EM) waves, with specific frequency and form devised for the victim system, can be utilized as an attack tool to disrupt, and, in some scenarios, control the operation of the system; moreover, it is shown that these attacks can be mitigated with hardware-level countermeasures. In Chapter 2, the attacks are applied to electric motors on an unmanned aerial vehicle (UAV), and it is observed that an attacker can block (i.e., crash the UAV) or control the UAV motion with EM waves. In Chapter 3, it is shown that digital communication systems are not resilient against intentional electromagnetic interference (IEMI), either. Low-power EM waves can be utilized by attackers to replace the data in serial communication systems with a success rate of 98% or more. In Chapter 4, the attacks are applied to the sensors and actuators of electric vehicle chargers with low-cost off-the-shelf amplifiers and antennas, and it is shown that EM interference attacks can manipulate the sensor data and boost the current supplied to the EV, which can result in overheating and fire. To ensure secure electronic system operation, hardware-level defense mechanisms are discussed and validated with analytical solutions, simulations, and experiments.

3. Enhancing Trust in Reconfigurable Hardware Systems
Venugopalan, Vivek, 01 March 2017
A Cyber-Physical System (CPS) is a large-scale, distributed, embedded system, consisting of various components that are glued together to realize control, computation and communication functions. Although these systems are complex, they are ubiquitous in the Internet of Things (IoT) era of autonomous vehicles/drones, smart homes, smart grids, etc. where everything is connected. These systems are vulnerable to unauthorized penetration due to the absence of proper security features and safeguards to protect important information. Examples such as the typewriter hack involving subversive chips resulting in leakage of keystroke data and hardware backdoors crippling anti-aircraft guns during an attack demonstrate the need to protect all system functions. With more focus on securing a system, trust in untrusted components at the integration stage is of a higher priority.
This work builds on a red-black security system, where an architecture testbed is developed with critical and non-critical IP cores and subjected to a variety of Hardware Trojan Threats (HTTs). These attacks defeat the classic trusted hardware model assumptions and demonstrate the ability of Trojans to evade detection methods based on physical characteristics. A novel metric is defined for hardware Trojan detection, termed as HTT Detectability Metric (HDM) that leverages a weighted combination of normalized physical parameters. Security analysis results show that using HDM, 86% of the implemented Trojans were detected as compared to using power consumption, timing variation and resource utilization alone. This led to the formulation of the security requirements for the development of a novel, distributed and secure methodology for enhancing trust in systems developed under untrusted environments called FIDelity Enhancing Security (FIDES). FIDES employs a decentralized information flow control (DIFC) model that enables safe and distributed information flows between various elements of the system such as IP cores, physical memory and registers. The DIFC approach annotates/tags each data item with its sensitivity level and the identity of the participating entities during the communication.
Trust enhanced FIDES (TE-FIDES) is proposed to address the vulnerabilities arising from the declassification process during communication between third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the confidentiality of the sensitive information in the system. TE-FIDES is evaluated by targeting an IoT-based smart grid CPS application, where malicious third-party soft IP cores are prevented from causing a system blackout. The resulting hardware implementation using TE-FIDES is found to be resilient to multiple hardware Trojan attacks.

/ Ph. D. /

The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. An unauthorized penetration due to the absence of safeguards can cripple the system and leak sensitive data. This dissertation studies the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. FIDelity Enhancing Security (FIDES), named after the Greek Goddess of Trust, is a novel, distributed and secure methodology proposed to address the security requirements and enhance trust of systems developed in untrusted environments. FIDES utilizes a distributed scheme that monitors the communication between the Intellectual Property (IP) cores using tags. Trust Enhanced FIDES (TE-FIDES) is proposed to reduce the vulnerabilities arising from the declassification process of the third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the integrity of the sensitive information in the system. In addition, TE-FIDES also uses a trust metric to record snapshots of each IP core’s state during the declassification process. TE-FIDES is evaluated by mapping an IoT-based CPS application and subjecting it to a variety of hardware Trojan attacks. The performance costs for resilient and trustworthy operation of the TE-FIDES implementation are evaluated and TE-FIDES proves to be resilient to the attacks with acceptable cyber costs.

4. DEEP LEARNING FOR SECURING CRITICAL INFRASTRUCTURE WITH THE EMPHASIS ON POWER SYSTEMS AND WIRELESS COMMUNICATION
Gihan Janith Mendis Imbulgoda Liyangahawatte (10488467), 27 April 2023
Imbulgoda Liyangahawatte, Gihan Janith Mendis Ph.D., Purdue University, May 2023. Deep learning for securing critical infrastructure with the emphasis on power systems and wireless communication. Major Professor: Dr. Jin Kocsis.

Critical infrastructures, such as power systems and communication infrastructures, are of paramount importance to the welfare and prosperity of modern societies. Therefore, critical infrastructures have a high vulnerability to attacks from adverse parties. Subsequent to the advancement of cyber technologies, such as information technology, embedded systems, high-speed connectivity, and real-time data processing, the physical processes of critical infrastructures are often monitored and controlled through cyber systems. Therefore, modern critical infrastructures are often viewed as cyber-physical systems (CPSs). Incorporating cyber elements into physical processes increases efficiency and control. However, it also increases the vulnerability of the systems to potential cybersecurity threats. In addition to cyber-level attacks, attacks on the cyber-physical interface, such as the corruption of sensing data to manipulate physical operations, can exploit vulnerabilities in CPSs. Research on data-driven security methods for such attacks, focusing on applications related to electrical power and wireless communication critical infrastructure CPSs, is presented in this dissertation. As security methods for electrical power systems, deep learning approaches were proposed to detect adversarial sensor signals targeting smart grids and more electric aircraft. Considering the security of wireless communication systems, deep learning solutions were proposed as an intelligent spectrum sensing approach and as a primary user emulation (PUE) attack detection method on the wideband spectrum. The recent abundance of micro-UASs can enable the use of weaponized micro-UASs to conduct physical attacks on critical infrastructures. As a solution for this, the radio frequency (RF) signal-analyzing deep learning method developed for spectrum sensing was adopted to realize an intelligent radar system for micro-UAS detection. This intelligent radar can be used to provide protection against micro-UAS-based physical attacks on critical infrastructures.

5. Data-Driven Computing and Networking Solution for Securing Cyber-Physical Systems
Yifu Wu (18498519), 03 May 2024
In recent years, a surge in data-driven computation has significantly impacted security analysis in cyber-physical systems (CPSs), especially in decentralized environments. This transformation can be attributed to the remarkable computational power offered by high-performance computers (HPCs), coupled with advancements in distributed computing techniques and sophisticated learning algorithms like deep learning and reinforcement learning. Within this context, wireless communication systems and decentralized computing systems emerge as highly suitable environments for leveraging data-driven computation in security analysis. Our research endeavors have focused on exploring the vast potential of various deep learning algorithms within the CPS domains. We have not only delved into the intricacies of existing algorithms but also designed novel approaches tailored to the specific requirements of CPSs. A pivotal aspect of our work was the development of a comprehensive decentralized computing platform prototype, which served as the foundation for simulating complex networking scenarios typical of CPS environments. Within this framework, we harnessed deep learning techniques such as restricted Boltzmann machine (RBM) and deep convolutional neural network (DCNN) to address critical security concerns such as the detection of Quality of Service (QoS) degradation and Denial of Service (DoS) attacks in smart grids. Our experimental results showcased the superior performance of deep learning-based approaches compared to traditional pattern-based methods. Additionally, we devised a decentralized computing system that encompassed a novel decentralized learning algorithm, blockchain-based learning automation, distributed storage for data and models, and cryptography mechanisms to bolster the security and privacy of both data and models. Notably, our prototype demonstrated excellent efficacy, achieving a fine balance between model inference performance and confidentiality. Furthermore, we delved into the integration of domain knowledge from CPSs into our deep learning models. This integration shed light on the vulnerability of these models to dedicated adversarial attacks. Through these multifaceted endeavors, we aim to fortify the security posture of CPSs while unlocking the full potential of data-driven computation in safeguarding critical infrastructures.