No icon

Physical Attestation in the Smart Grid for Distributed State Verification

Physical Attestation in the Smart Grid for Distributed State Verification


A cyber-physical system (CPS) integrates a physical infrastructure with cyber computation for improved performance and reliability. Most CPSs are distributed systems in which several cyber processes cooperate to control a set of physical resources. An individual process does not have the complete system state, and must communicate over some network to share information with its peers. It is vital that processes share accurate state information to ensure that the distributed system makes the correct control decisions. Failure in a CPS can result in physical consequences such as damage to the machines or harm to the humans involved in the system operation. These consequences can be severe in critical infrastructures such as water distribution, transportation, or the electric power grid.

Existing System:

Consider the case of Stuxnet, which resulted in the wide-spread infection of Siemens programmable logic controllers. The controllers infected by Stuxnet attempted to damage centrifuges by causing malicious changes to their rotor speeds. At the same time, Stuxnet sent false state reports which indicated normal rotor speeds back to human operators. One of Stuxnet’s goals was for the false state information to trick the operators into making the wrong control decision, namely, keeping the centrifuges running. Stuxnet was possible because the system was not designed to validate the physical measurements produced by the infected controller.

An example CPS in which state validation is essential is the electric power grid. The power grid is a Supervisory Control and Data Acquisition (SCADA) system where measurements obtained from sensors in the field are sent to a centralized location for monitoring. These measurements are fed into a state estimation algorithm to generate the complete system state, which analysts at the control center use to monitor for problems and make corrective actions. However, a false data injection attack can make intelligent modifications to the measurements and fool state estimation into producing an incorrect system state.

Proposed System:

Proposed a new distributed security mechanism called physical attestation that combines physical feedback with methods from computer security to detect state fabrications in the smart grid. The topological requirements for attestation to be resilient against a single compromised controller were derived, and the notion of attestation frameworks was introduced to scale to larger system topologies. It was shown that the problem of finding a minimum size attestation framework is NP-Complete, but that several regular topologies such as rings and meshes have minimum size frameworks that can be formulated in polynomial time.

Comment As:

Comment (0)