Vulnerability Analysis of False Data Injection

Vulnerability Analysis of False Data Injection

General control loop while(true){
𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ) }

General control loop while(true){
𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 , 𝑋 𝑘−1 … 𝑋 𝑘−𝑚 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 , 𝑍 𝑘−1 … 𝑍 𝑘−𝑚 ,Δ𝑡 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) }

General control loop with monitor
while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If( ¬𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) }

General control loop with safety property
while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If( ¬𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) Assert( 𝜑 𝑎𝑠𝑠𝑒𝑟𝑡 ( 𝑋 𝑘 )) }

In terms of predicates while(true){
𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If(¬ 𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) } 𝜑 𝑓 𝑋, 𝑋 𝑜 , 𝐶, 𝑡 𝜑 𝑔 𝑍, 𝑋,t 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ ,𝑍,𝑡 𝜑 𝑐 (𝑋′,𝐶,𝑡)

Independently controlled system
while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If( ¬𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 } 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝑡 𝜑 𝑔 𝑍, 𝑋, 𝑡 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ ,𝑍,𝑡

Observability while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If( ¬𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 } 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝑡 𝜑 𝑔 𝑍, 𝑋, 𝑡 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ∀ 𝑋, 𝑋 0 , 𝑋 𝑜 ′ , 𝑋 ′ ,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖

Observability while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If(¬ 𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) } 𝜑 𝑓 𝑋, 𝑋 𝑜 , 𝐶, 𝑡 𝜑 𝑔 𝑍, 𝑋,t 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 𝜑 𝑐 (𝑋′,𝐶,𝑡) ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖

Chaining Time Steps Together
∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖 ∀ 𝛿,𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ < 𝑓 𝜖 (𝛿) After k steps 𝑋− 𝑋 ′ < 𝑓 𝜖 𝑘 (𝛿)

FDI Security while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If(¬ 𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) } 𝜑 𝑓 𝑋, 𝑋 𝑜 , 𝐶, 𝑡 𝜑 𝑔 𝑍, 𝑋,t 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 𝜑 𝑐 (𝑋′,𝐶,𝑡) ∀ 𝜑 𝑔 ,𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖 Attacker can replace 𝑔

FDI Security while(true){ 𝑋 𝑘 = 𝑑𝑦𝑛𝑎𝑚𝑖𝑐𝑠 𝑋 𝑘−1 , C k−1 , Δ𝑡 𝑍 𝑘 =𝑠𝑒𝑛𝑠𝑜𝑟 𝑋 𝑘 ,Δ𝑡 𝑋 𝑘 ′ =𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑜𝑟 𝑍 𝑘 ,Δ𝑡 If(¬ 𝜑 𝑚 ( 𝑋 𝑘 ′ … 𝑋 𝑘−𝑚 ′ , 𝑍 𝑘 … 𝑍 𝑘−𝑚 ,Δ𝑡)) 𝐴𝐿𝐴𝑅𝑀 𝐶 𝑘 =𝑐𝑜𝑛𝑡𝑟𝑜𝑙( 𝑋 𝑘 ′ ,Δ𝑡) } 𝜑 𝑓 𝑋, 𝑋 𝑜 , 𝐶, 𝑡 𝜑 𝑔 𝑍, 𝑋,t 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 𝜑 𝑐 (𝑋′,𝐶,𝑡) ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖 Attacker can feed arbitrary Z

Different security questions
Given a monitor, Identify configurations vulnerable to attack ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖

Given a monitor, Identify configurations vulnerable to attack ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧𝑄( 𝑋 0 ,𝑋, 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍,𝑡) ⇒ 𝑋− 𝑋 ′ <𝜖 ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ , 𝑋 1 , 𝑋 1 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧𝑄 𝑋 0 , 𝑋 1 , 𝑋 0 ′ , 𝑋 1 ′ ,𝐶,𝑍,𝑇 ∧𝑄( 𝑋 1 ,𝑋, 𝑋 1 ′ , 𝑋 ′ ,𝐶,𝑍,𝑡)⇒ 𝑋− 𝑋 ′ <𝜖

Given a monitor, identify attack models for which you are safe ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔′ 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖 𝜑 𝑔′ 𝑍,𝑋,𝑡 = 𝜑 𝑔 𝑍+𝑎,𝑋,𝑡 ∧ 𝑎 <𝜏

Identify a monitor that guarantees safety ∃ 𝜑 𝑚 ∀ 𝑋, 𝑋 0 , 𝑋 0 ′ , 𝑋 ′ ,𝐶,𝑍 ∀ 𝑡∈[0,𝑇] 𝑋 𝑜 − 𝑋 𝑜 ′ <𝛿∧ 𝜑 𝑐 𝑋 𝑜 ′ ,𝐶,𝑇 ⇒ 𝜑 𝑓 𝑋, 𝑋 𝑜 ,𝐶,𝑡 ∧ 𝜑 𝑔′ 𝑍,𝑋,𝑡 ∧ 𝜑 ℎ 𝑍, 𝑋 ′ ,𝑡 ∧ 𝜑 𝑚 𝑋 ′ , 𝑋 𝑜 ′ ,𝑍,𝑡 ⇒ 𝑋− 𝑋 ′ <𝜖 𝜑 𝑔′ 𝑍,𝑋,𝑡 =𝑎𝑡𝑡𝑎𝑐𝑘𝑒𝑟 𝑐𝑜𝑛𝑠𝑡𝑟𝑎𝑖𝑛𝑡𝑠

Power grid 𝐺, 𝑋 𝑣 , 𝑋 𝜃 , 𝑍 𝑝 , 𝑍 𝑞 𝐺 : Grid is a graph of Buses and directed connections 𝑋 𝑣 ={ 𝑣 𝑖 } 𝑣 𝑖 is voltage magnitude on bus 𝑖 𝑋 𝜃 ={ 𝜃 𝑖 } 𝜃 𝑖 is phase angle on bus 𝑖 𝑍 𝑝 ={ 𝑧 𝑖𝑗 𝑝 } Active power injection on wire (𝑖,𝑗) 𝑍 𝑞 ={ 𝑧 𝑖𝑗 𝑞 } Reactive power injections 𝑧 𝑖𝑗 𝑝 = ℎ 𝑖𝑗 𝑝 ( 𝑣 𝑖 , 𝑣 𝑗 , 𝜃 𝑖 , 𝜃 𝑗 ) 𝑧 𝑖𝑗 𝑞 = ℎ 𝑖𝑗 𝑞 𝑣 𝑖 , 𝑣 𝑗 , 𝜃 𝑖 , 𝜃 𝑗 ℎ 𝑖𝑗 𝑝 𝑣 𝑖 , 𝑣 𝑗 , 𝜃 𝑖 , 𝜃 𝑗 = 𝑣 𝑖 2 𝑔 𝑖𝑗 − 𝑣 𝑖 𝑣 𝑗 𝑔 𝑖𝑗 cos 𝜃 𝑖 − 𝜃 𝑗 − 𝑣 𝑗 𝑣 𝑗 𝑏 𝑖𝑗 sin⁡( 𝜃 𝑖 − 𝜃 𝑗 ) ℎ 𝑖𝑗 𝑞 𝑣 𝑖 , 𝑣 𝑗 , 𝜃 𝑖 , 𝜃 𝑗 = 𝑣 𝑖 2 𝑏 𝑖𝑗 − 𝑣 𝑖 𝑣 𝑗 𝑏 𝑖𝑗 cos 𝜃 𝑖 − 𝜃 𝑗 − 𝑣 𝑗 𝑣 𝑗 𝑔 𝑖𝑗 sin⁡( 𝜃 𝑖 − 𝜃 𝑗 )

Power grid 𝐺, 𝑋 𝑣 , 𝑋 𝜃 , 𝑍 𝑝 , 𝑍 𝑞 z 𝑣 1 𝜃 1 𝑣 2 𝜃 2
𝐺, 𝑋 𝑣 , 𝑋 𝜃 , 𝑍 𝑝 , 𝑍 𝑞 𝐺 : Grid is a graph of Buses and directed connections 𝑋 𝑣 ={ 𝑣 𝑖 } 𝑣 𝑖 is voltage magnitude on bus 𝑖 𝑋 𝜃 ={ 𝜃 𝑖 } 𝜃 𝑖 is phase angle on bus 𝑖 𝑍 𝑝 ={ 𝑧 𝑖𝑗 𝑝 } Active power injection on wire (𝑖,𝑗) 𝑍 𝑞 ={ 𝑧 𝑖𝑗 𝑞 } Reactive power injections z 𝑣 1 𝜃 1 𝑣 2 𝜃 2 𝜑 𝑣 1 , 𝜃 1 =∃𝑧∃ 𝑣 2 ∃ 𝜃 2 (𝑧= 𝑣 1 2 − 𝑣 1 𝑣 2 cos 𝜃 1 − 𝜃 𝑗 − 𝑣 1 𝑣 2 sin 𝜃 1 − 𝜃 𝑗 )

Power Grid 𝐺, 𝑋 𝑣 , 𝑋 𝜃 , 𝑍 𝑝 , 𝑍 𝑞 𝐺 : Grid is a graph of Buses and directed connections 𝑋 𝑣 ={ 𝑣 𝑖 } 𝑣 𝑖 is voltage magnitude on bus 𝑖 𝑋 𝜃 ={ 𝜃 𝑖 } 𝜃 𝑖 is phase angle on bus 𝑖 𝑍 𝑝 ={ 𝑧 𝑖𝑗 𝑝 } Active power injection on wire (𝑖,𝑗) 𝑍 𝑞 ={ 𝑧 𝑖𝑗 𝑞 } Reactive power injections 𝑧 𝑖𝑖 𝑝 = ℎ 𝑖𝑖 𝑝 𝑣 , 𝜃 = 𝑣 𝑖 𝑗∈ 𝑁 𝑖 𝑣 𝑗 (− 𝑔 𝑖𝑗 cos 𝜃 𝑖 − 𝜃 𝑗 − 𝑏 𝑖𝑗 sin⁡( 𝜃 𝑖 − 𝜃 𝑗 )) 𝑧 𝑖𝑖 𝑞 = ℎ 𝑖𝑖 𝑞 𝑣 , 𝜃 =𝑣 𝑖 𝑗∈ 𝑁 𝑖 𝑣 𝑗 (− 𝑔 𝑖𝑗 sin 𝜃 𝑖 − 𝜃 𝑗 − 𝑏 𝑖𝑗 cos⁡( 𝜃 𝑖 − 𝜃 𝑗 ))

State estimation An estimate 𝑧 , 𝑥 is valid if it’s close enough to satisfying the equations Corresponds to 𝜑 ℎ in our general framework 𝑒𝑠 𝑡 𝜖 𝑧 , 𝑥 ≔∃ 𝑥 𝑖,𝑗∈𝐵(𝐺) 𝑧 𝑖𝑗 𝑝 = ℎ 𝑖𝑗 𝑝 𝑥 ∧ 𝑧 𝑖𝑗 𝑞 = ℎ 𝑖𝑗 𝑞 𝑥 ∧ 𝑥 − 𝑥 <𝜖

Monitor If the state estimation is to far from satisfying the equations, we flag a problem 𝑚𝑜 𝑛 𝜏 𝑥 , 𝑧 = 𝑧 − ℎ ( 𝑥 ) <𝜏

Attack model Localized attacks Visibility
Attacker wants to introduce an error at a particular node Attacker injects errors to a subset of the grid Injected values must be consistent at the interface Visibility Can you directly see the values that you are trying to modify?

Incremental Algorithm
Initial subgrid contains only target node 1 If an attack is found, you are done If no attack is found, grow neighborhood Leverage results of UNSAT query to grow in a targeted way

Analysis time IEEE standard benchmarks. S = size of the full grid

Vulnerability Analysis of False Data Injection

Similar presentations

Presentation on theme: "Vulnerability Analysis of False Data Injection"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Vulnerability Analysis of False Data Injection

Similar presentations

Presentation on theme: "Vulnerability Analysis of False Data Injection"— Presentation transcript:

Similar presentations

About project

Feedback