Abstract: We describe the real-time monitoring infrastructure of the smart-grid pilot on the EPFL campus. We experimentally validate the concept of real-time state estimation for a 20 kV active distribution network. We designed and put into operation the whole infrastructure, composed of the following main elements: (1) dedicated PMUs connected on the medium-voltage side of the network secondary substations by means of specific current/voltage transducers; (2) a dedicated communication network engineered to support stringent time limits; and (3) an innovative state estimation process for real-time monitoring that incorporates phasor-data concentration and state estimation processes. Special care was taken to make the whole chain resilient to cyber-attacks, equipment failures and power outages. The achieved latency is within 65 ms. The refresh rate of the estimated state is 20 ms. The real-time visualization of the state estimator output is made publicly available, as well as the historical data (PMU measurements and estimated states). To the best of our knowledge, the work presented here is the first operational system that provides low-latency real-time state estimation by using PMU measurements of a real active distribution network.
Abstract: Smart-grid applications based on synchrophasor measurements have recently been shown to be vulnerable to timing attacks. A fundamental question is whether timing attacks could remain undetected by bad-data detection algorithms used in conjunction with state-of-the-art situational-awareness state estimators. In this paper, we analyze the detectability of timing attacks on linear state estimation. We show that it is possible to forge delay attacks that are undetectable. We give a closed form for an undetectable attack; it imposes two phase offsets to two or more synchrophasor-based measurement units that can be translated to synchrophasors' time delays. We also propose different methods for combining two-delay attacks to produce a larger impact. We simulate the attacks on a benchmark power-transmission grid and show that they are successful and can lead to physical grid damage. To prove undetectability, we use classic bad-data detection techniques such as the largest normalized residual and the χ²-test.
Abstract: We present a cyber-attack on packet-based time synchronization protocols (PBTSP) with high-accuracy requirements. The cyber-attack is undetectable from the PBTSP's perspective and exploits a vulnerability that is in the nature of all PBTSPs. It can be successfully performed regardless of the cryptographic protocol that the PBTSP is protected with, and it is undetectable by the clock-servo algorithm inside the target slave clock. To perform this cyber-attack, we built a "Delay Box" capable of advancing or delaying a slave clock by introducing a malicious offset of a few microseconds. We run experimental tests on the delay box to prove the magnitude of the attack and to confirm undetectability. We discuss possible countermeasures for this type of attack.
We are interested in the security of the MPLS Transport Profile (MPLS-TP), in the context of smart-grid communication networks. The security guidelines of the MPLS-TP standards are written in a complex and indirect way, which led us to hypothesize that vendor solutions might not implement them satisfactorily. To test this hypothesis, we investigated the Cisco implementation of two MPLS-TP OAM (Operations, Administration, and Maintenance) protocols: bidirectional forwarding detection (BFD), used to detect failures in label-switched paths (LSPs), and protection state coordination (PSC), used to coordinate protection switching. Critical smart-grid applications, such as protection and control, rely on the protection switching feature controlled by BFD and PSC. We did find security issues with this implementation. We implemented a testbed with eight nodes that run the MPLS-TP enabled Cisco IOS; we demonstrated that an attacker who has access to only one cable (for two attacks) or two cables (for one attack) is able to harm the network at several points (e.g., disabling both working and protection LSPs). This occurred in spite of us implementing the security guidelines that are available from Cisco for IOS and MPLS-TP. The attacks use forged BFD or PSC messages, which induce a label edge router (LER) into believing false information about an LSP. In one attack, the LER disables the operational LSP; in another attack, the LER continues to believe that a physically destroyed LSP is up and running; in yet another attack, both operational and backup LSPs are brought down. Our findings suggest that the MPLS-TP standard should be more explicit when it comes to security. For example, to thwart the attacks revealed here, it should mandate either hop-by-hop authentication (such as MACsec) at every node, or an ad-hoc authentication mechanism for BFD and PSC.