Professional Documents
Culture Documents
Denial of Service Attack On Tie-Line Bias Control in A Power System With PV Plant
Denial of Service Attack On Tie-Line Bias Control in A Power System With PV Plant
Abstract—The use of synchrophasor networks consisting of irradiance variability and uncertainty [1], [2]. The integration of
phasor measurement units (PMUs) makes it possible to monitor, renewable energy generation into the grid requires monitoring
analyzes, and control the electric power grid in real-time. PMU and the use of advanced control techniques [3], [4]. The de-
measurements of frequencies, currents, voltages, and phase angles
are transmitted to system control centers through synchrophasor ployment of PMUs, however, can improve grid management to
networks. Delayed or missing measurements from PMUs in closed- mitigate the challenges of integrating renewable energy sources.
loop applications could lead to power system instability. Although Unlike the conventional studies involving power systems se-
the use of virtual private network (VPN) tunnels eliminates many curity, the subject of this study involves the security of smart grid
security vulnerabilities, VPNs are still vulnerable to denial of ser- synchronous networks (PMUs, PDCs, computers and commu-
vice (DoS) attack that exploits a side-channel vulnerability. In this
paper, the authors detail their analysis of DoS attack on a two-area nication systems), more commonly known as the cyber-security
four machine power system with a utility-scale photovoltaic (PV) of smart grids [5], [6].
plant. Automatic generation control (AGC) is used to implement a Concerns about the dependability and security of the com-
tie-line bias control in one of the areas. The impact of PMU packet munications infrastructure are affecting the adoption of syn-
dropping on AGC operation and countermeasures are presented chrophasor technology, making it all the more essential to
in this paper. Cellular computational network (CCN) prediction of
PMU data is used to implement a virtual synchrophasor network secure the network connections between PMUs and PDCs to
(VSN). The data from VSN is used by the AGC when the PMU ensure the reliability of smart grid operations [7], [8]. Although
packets are disrupted by DoS attacks. Real-time experimental many vulnerabilities can be eliminated by encrypting the traffic
results show the CCN based VSN effectively inferred the missing using security gateways, the encrypted traffic remains vulnera-
data and mitigated the negative impacts of DoS attacks. ble to side-channel analysis [9]. Side-channel analysis extracts
Index Terms—Cyber-attacks, grid operation, phasor measure- information by observing implementation artifacts. In previ-
ment units, side-channel analysis, virtual synchrophasor network, ous studies, where multiple PMUs transmit measurement pack-
prediction. ets through a VPN tunnel, packet size and inter-packet timing
side-channels are used to differentiate packet sources [10]. This
I. INTRODUCTION technique can be exploited to identify and selectively drop PMU
SYNCHROPHASOR network consists of Phasor Mea- traffic. When real-time PMU data is used for control, these at-
A surement Units (PMUs) and Phasor Data Concentrators
(PDCs). PMUs are used in real-time monitoring, analysis and
tacks can cause the power system to become unstable.
In this paper, the impact and mitigation of a DoS attack on tie-
control of power systems, whereas PDCs receive and time- line bias control in a two area system are presented, followed by
synchronize data from multiple PMUs to provide time-aligned a description of the experiments performed in a simulated two-
output streams. The increasing penetration of renewable en- area four machine power system with a utility-scale PV plant.
ergy sources such as Photovoltaics (PV) into the electric grid This paper details the creation and implementation of a Cellular
has advantages as well as disadvantages, specifically solar Computational Network (CCN) [11] based Virtual Synchropha-
sor Network (VSN) for Automatic Generation Control (AGC),
with the objective of mitigating the impact of PV power genera-
Manuscript received March 31, 2017; revised June 27, 2017; accepted July
23, 2017. Date of current version September 22, 2017. This work was supported
tion fluctuations and other disturbances on system frequencies.
in part by the U.S. National Science Foundation (NSF) under Grants 1408141, The topology of the VSN matches the topology of the power
1312260, 1308192, and 1232070 and in part by the Duke Energy Distinguished system, which means that during a DoS attack, missing PMU
Professor Endowment Fund. (Corresponding author: Xingsi Zhong.)
X. Zhong, I. Jayawardene, and R. Brooks are with the Real-Time Power
data can be inferred using the VSN. To illustrate the possible
and Intelligent Systems Laboratory, Holcombe Department of Electrical and impact, a three phase-to-ground fault occurs in the power sys-
Computer Engineering, Clemson University, Clemsonm, SC 29634 USA tem while one PMU is blocked. The attack is performed based
(e-mail: xingsiz@g.clemson.edu; rjayawa@g.clemson.edu; rrb@acm.org).
G. K. Venayagamoorthy is with the Real-Time Power and Intelligent Systems
on side-channel analysis of PMU traffic in a VPN tunnel [10].
Laboratory, Holcombe Department of Electrical and Computer Engineering, The main contributions of this paper are:
Clemson University, Clemson, SC 29634 USA, and also with the School of 1) DoS attack that exploits a side-channel vulnerability on
Engineering, University of Kwazulu-Natal, Durban 4041, South Africa (e-mail:
gkumar@ieee.org).
tie-line bias control are investigated and consequences
Digital Object Identifier 10.1109/TETCI.2017.2739838 outlined.
2471-285X © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
376 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
2) Countermeasures against these DoS attacks using CCN diagram of which is detailed in Fig. 2 is implemented with tie-
based VSN are developed and shown to be most effective. line bias control. PMU measured PV power output and Area
3) Real-time DoS attacks and VSN countermeasures are per- 1 frequency values are passed as inputs to AGC 1, which de-
formed. cides the Area 1 generation by minimizing area control error.
The rest of the paper is organized as follows: Sec- Tie-line power flow is regulated to optimally utilize the PV
tion II describes the power system used in this study. Sec- power generation in Area 1. Table A.2 shows the parameters of
tion III explains the side-channel analysis and attack scenarios. AGCs used in this study. PMUs are placed at each power system
Section IV introduces the CCN. Section V describes two coun- Bus.
termeasures to mitigate DoS attacks. Section VI presents the ex- A dedicated communication synchrophasor network is used
periments, results and analysis. Finally, conclusions are given in to transmit PMU measurement data, the configuration of which
Section VII. is shown in Fig. 1. There are four secured subnets connected
by a dedicated network with a security gateway protecting each
secured subnet. The attack described in this paper has been
II. TWO AREA FOUR MACHINE POWER SYSTEM WITH found to be robust to issues related to network traffic interactions
UTILITY-SCALE PV PLANT AND PMUS and topologies [12], [13]. For ease of presentation, simplified
Fig. 1 shows the two-area four machine power system used network is used for this study.
in this study with each area having two synchronous gener- Virtual Private Network (VPN) tunnels are established be-
ators, and with each rated at 900 MVA. A 210 MW utility- tween each of the security gateways with traffic transmitted
scale PV plant is integrated into Area 2. With the variable PV through VPN tunnels is encrypted by the security gateway, in-
power generation in Area 2, there is a dynamic tie-line power cluding the source and destination addresses. A system PDC is
flow from Area 1 to Area 2. Generator rated values and power located at the control center subnet collecting data from PMUs
outputs used in this study are shown in Table A.1. Each area located at Area 1 and the tie line subnet and an area PDC lo-
has an AGC implemented. The AGC in Area 1 (AGC 1) a cated at Area 2 subnet. The PMUs located at Area 2 are sending
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 377
Fig. 2. The Area 1 AGC (AGC1) diagram for tie-line bias control using PMU and VSN data.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
378 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 379
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
380 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
Fig. 10. CCN based VSN architecture for frequency prediction in 2-area 4-machine power system with PV plant.
means that AGC 1 keeps using zero as input that quickly leads stream. In the analysis, only the results from blocking PMU 7
to the power system instability. are presented.
The attack approach has been tested in environments with
large amounts of extraneous traffic and shown to be resilient
and thus not focused in this study [12], [13]. In this study, a IV. CELLULAR COMPUTATIONAL NETWORK
simplified dedicated network is considered, shown as Fig. 1 CCN is a scalable and distributed framework for pre-
with PMU 7 selected as the target. Data measurement traffic dicting/estimating the dynamics of large networked systems
from PMU 7 can be identified and blocked by the attacker in a [11], [22]. A CCN can be expressed as a directed graph. Fig. 10
three-step process. The IP pair of interested security gateways shows an example CCN topology. Each of the nodes in a CCN
is first identified. The packets that do not agree with the packet is a computational cell, shown as the square boxes in Fig. 10.
size side-channel are then ignored, and followed by the use of Each cell consists of a computational unit, a learning unit, and
timing side-channels to identify and block packets from one a communication unit. Each cell takes an input vector and cal-
PMU. culates an output in one time step. Cells can learn to generate
1) In Step One, the IP Addresses of Interested Security Gate- desired output using historical data. The output estimated by
ways are Identified: Wireshark software is used to interpret the each cell can be passed to other connected cells as input(s) for
protocol of each packet so that security gateways send encrypted further computation. A cell can provide more accurate outputs
packets frequently and stably. Wireshark recognizes IP pairs that from the information provided by interconnected cells, which
are sending and receiving encrypted packets, and three IPs are can be deployed either on a single computer or multiple com-
identified as the security gateways sending PMU measurements. puters connected through a network. The type of the computa-
In this study, each PMU transmits 30 packets per second (30 Hz tional unit in a cell depends upon the application, with the goal
PMU rate). For three PMUs, 90 packets are transmitted from the of predicting/estimating the required output using the available
security gateway. According to network configuration shown in information. A cell has the ability to learn autonomously, for ex-
Fig. 1, Area 1 subnet has 5 PMUs transmitting 150 packets ample computational intelligence (CI) paradigms such as neural
per second; the Area 2 subnet has 6 PMUs transmitting 180 networks and fuzzy systems.
aligned packets per second; and the tie-line subnet has a sin- The advantage of CCN is that the topology of a CCN can be
gle one PMU transmitting 30 packets per second. By validate designed to match the topology of the objective power system,
the number of packets transmitted per second as well as packet permitting the deployment of the cell to local systems. CCN is
size, the IP of the security gateway securing the Area 1 subnet is an appropriate scalable computational framework to learn and
identified. predict/estimate the behavior of a power system, the topology
2) In Step Two, the PMUs are Identified by Packet Size Side- of which can be mapped to a CCN, where the Buses of the
Channels: PMU 6 and PMU 7 is the same model with the power system can be simulated by cells. Cells can be learned to
packet size the same as the default setting. PMU 1, 2 and 5 are follow the characteristics of each component/Bus, and for each
all different PMU models with the packet sizes differing from cell, predictions can be made based on information gathered
PMU 6 and PMU 7. A packet size filter is used to ignore PMU from adjacent connected cells. By carefully designing a CCN
1, 2 and 5. that matches the topology of the objective power system, it
3) In Step Three, the PMU Packets are Selectively Dropped: is possible to make predictions based on the dynamics of the
Using the concept described in Section III-D, two PMU mea- power system. In [23], dynamic state estimation (DSE) of a
surement streams are differentiated. However, the separation power system can be made by the CCN even if multiple PMUs’
algorithm cannot identify which stream originates from PMU 6 data is missing.
and which originates from PMU 7. The attacker can randomly When the information of a part of the objective power sys-
pick a PMU measurement stream and drop all packets from that tem is not available, the missing information can be estimated
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 381
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
382 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
Fig. 13. Recursive VSN prediction procedure for Bus 7 for two consecutive
Δt time intervals.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 383
Fig. 14. Tie-line energy change ΔE in one minute window after a DoS
C. Analysis attack under different scenarios. Please note that the Countermeasure B and
Countermeasure A case 2 in figure (a) are overlapped. (a) Four or less packets
The consequences and countermeasures are evaluated are blocked. (b) Five or more packets are blocked.
from the perspective of system stability and the energy
change according to expected energy to be delivered or
generated. power flow is observed. However, the occurrence of a DoS at-
The difference of the energy either delivered or generated tack at a very high system frequency of 60.2 Hz deceived the
that expected in a one minute window after a fault under each AGC in Area 1 which reduced the power generation in Area 1.
scenario is calculated by: To mitigate this power loss, the power generation at Area 2 is
increased. Similarly, the AGC in Area 1 is again deceived by a
1
h very low system frequency of 59.8 Hz, which in this case in-
60
ΔE = (P (t) − PE )dt (6) creased the power generation in Area 1. The power delivered on
0
tie-line is increased, and power generated in Area 2 is reduced.
Although not experimentally observed, this increase in power
Where P (t) is the power measured at the tie-line or genera-
either delivered or generated can trip the tie-line or synchronous
tors in each cases, and PE is the expected power either de-
generators.
livered or generated. The results are shown in Table A.3 and
3) Countermeasure B: The use of CCN predicted frequency
Fig. 14.
data to replace the missing measurement data showed no obvious
1) Without any Countermeasures: The absence of one to five
effects on power system operation, power generation and tie-line
packets will affected the power generation and the tie-line flow.
flow.
The energy delivered on the tie-line also increased dramatically
as more packets are been blocked. The absence of five or more
packets caused a forced oscillation on the power generation and VII. CONCLUSION
tie-line flow. The absence of 100 or more packets results in In this study, the CCN is used to develop a VSN that estimate
system instability. the missing data during DoS attacks. The ability to accurately
2) Countermeasure A: The use of old frequency data to re- estimate the frequency change trends during the DoS attack
place the missing measurement data stabilized the power sys- makes it possible to deliver the results demonstrated in this
tem, and no forced oscillation in power generation and tie-line study.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
384 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
APPENDIX
TABLE A.1
GENERATOR RATED VALUES AND POWER OUTPUTS
TABLE A.2
AGC PARAMETERS
λR T k α1 α2
AGC 1 20 0.5 −0.007 0.5 0.5 Fig. A.1. System responses after a fault. One packet from PMU 7 is blocked
AGC 2 20 0.5 −0.007 0.5 0.5 by a DoS attack. (a) Frequency response at Bus 7. (b) Power generation of
generator 2. (c) Power generation of generator 3. (d) Tie-line power flow.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 385
Fig. A.2. System responses after a fault. Five packets from PMU 7 are blocked Fig. A.3. System responses after a fault. 100 packets from PMU 7 are blocked
by a DoS attack. (a) Frequency response at Bus 7. (b) Power generation of by a DoS attack. (a) Frequency response at Bus 7. (b) Power generation of
generator 2. (c) Power generation of generator 3. (d) Tie-line power flow. generator 2. (c) Power generation of generator 3. (d) Tie-line power flow.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
386 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
Fig. A.4. System responses after a fault. Five packets from PMU 7 are blocked Fig. A.5. System responses after a fault. 300 packets from PMU 7 are blocked
by a DoS attack with Countermeasure A applied. (a) Frequency response at Bus by a DoS attack with Countermeasure A applied. (a) Frequency response at Bus
7. (b) Power generation of generator 2. (c) Power generation of generator 3. 7. (b) Power generation of generator 2. (c) Power generation of generator 3.
(d) Tie-line power flow. (d) Tie-line power flow.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 387
Fig. A.6. System responses after a fault. Five packets from PMU 7 are blocked Fig. A.7. System responses after a fault. 300 packets from PMU 7 are blocked
by a DoS attack with Countermeasure B applied. (a) Frequency response at Bus by a DoS attack with Countermeasure B applied. (a) Frequency response at Bus
7. (b) Power generation of generator 2. (c) Power generation of generator 3. 7. (b) Power generation of generator 2. (c) Power generation of generator 3.
(d) Tie-line power flow. (d) Tie-line power flow.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
388 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
TABLE A.3
THE CHANGE OF ENERGY IN ONE MINUTES WINDOW AFTER A FAULT
Number of Packets Lost Tie Line (MWh) Generator 1 (MWh) Generator 2 (MWh) Generator 3 (MWh) Generator 4 (MWh)
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
ZHONG et al.: DENIAL OF SERVICE ATTACK ON TIE-LINE BIAS CONTROL IN A POWER SYSTEM WITH PV PLANT 389
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.
390 IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 1, NO. 5, OCTOBER 2017
Ganesh Kumar Venayagamoorthy (S’91–M’97– Richard Brooks (SM’04) has in the past been PI
SM’02) received his Ph.D. degree in electrical engi- on research programs funded by the Air Force Of-
neering from the University of Natal, Durban, South fice of Scientific Research, National Science Foun-
Africa, and a MBA degree in entrepreneurship and dation, Department of Energy, National Institute of
innovation from Clemson University, Clemson, SC, Standards, Army Research Office, Office of Naval
USA. He is the Duke Energy Distinguished Profes- Research and BMW Corporation. These research
sor of Power Engineering and Professor of electrical projects include coordination of combat missions
and computer engineering and automotive engineer- among autonomous combat vehicles (ARO), situation
ing at Clemson University, Clemson, SC, USA. Prior and threat assessment for combat command and con-
to that, he was a Professor of electrical and computer trol (ONR), detection of protocol tunneling through
engineering at the Missouri University of Science and encrypted channels (AFOSR), security of intelligent
Technology (Missouri S&T), Rolla, USA from 2002 to 2011. He is the Founder building technologies (NIST), experimental analysis of Denial of Service vul-
(2004) and the Director of the Real-Time Power and Intelligent Systems Labo- nerabilities (NSF), mobile code security (ONR), and security analysis of cellular
ratory (http://rtpis.org). He holds an Honorary Professor position in the School networks used for vehicle remote diagnostics (BMW).
of Engineering, University of Kwazulu-Natal, Durban, South Africa.
His interests include the research, development, and innovation of smart
grid technologies and operations, including intelligent sensing and monitoring,
intelligent systems, integration of renewable energy sources, power system op-
timization, stability and control, and signal processing. He has published more
than 500 refereed technical articles. His publications are cited over 13 000 times
with a h-index of 59. He has been involved in more than 70 sponsored projects
in excess of US $10 million. He has given more than 300 invited keynotes,
plenaries, presentations, tutorials and lectures in more than 40 countries to date.
He is involved in the leadership and organization of many conferences in-
cluding the General Chair of the Clemson University Power System Conference
since 2013, and Pioneer and Chair/Co-Chair of the IEEE Symposium of Com-
putational Intelligence Applications in Smart Grid (CIASG) since 2011. He is
currently the Chair of the IEEE PES WORKING GROUP ON INTELLIGENT CON-
TROL SYSTEMS, and the Founder and Chair of IEEE Computational Intelligence
Society (CIS) Task Force on Smart Grid. He was the Editor/Guest Editor of
several IEEE transactions and Elsevier journals. He is a Fellow of the IET, UK,
and the SAIEE.
Authorized licensed use limited to: KU Leuven Libraries. Downloaded on June 08,2022 at 13:41:06 UTC from IEEE Xplore. Restrictions apply.