In this paper, we focus on the estimation of time delays caused by adversaries in the sensing loop (SL). Based on the literature review, time delay switch (TDS) attacks could make any control system, in particular a power control system, unstable. Therefore, future smart grids will have to use advanced methods to provide better situational awareness of power grid states, keeping smart grids reliable and safe from TDS attacks. Here, we introduce a simple method for preventing time delay switch attacks on networked control systems. The method relies on an estimator that estimates and tracks time delays introduced by an adversary. Knowing the maximum tolerable time delay of the plant’s optimal controller for which the plant remains stable, a time-delay detector issues an alarm signal when the estimated time delay is larger than the minimum one and directs the system to an alarm state. In an alarm state, the plant operates under the control of an emergency controller that is local to the plant and remains in this mode until the networked control system state is restored. This method is an inexpensive and simple way to guarantee that an industrial control system remains stable and secure.

Modern power grids rely on telecommunication technologies for control and monitoring to improve the efficiency and reliability of distribution. However, their reliance on computers and multi-purpose networks makes them vulnerable to cyber-attacks [

The controller design for systems with time delay is one of the interests of many researchers [

Time delays exist in power systems, in the sensing and control loops. The traditional controllers of power systems are designed on the assumption that current information is available, ignoring time delays even if they are present. However, power grid technologies are continuously being improved by introducing new telecommunication technologies for monitoring to improve the efficiency, reliability and sustainability of supply and distribution. For example, the introduction of a wide area measurement system (WAMS) provides synchronized near real-time measurements in phase measurement units (PMUs). WAMS, which are used for stability analysis of power systems, can also be used for designing more robust controllers. Nevertheless, time delays are present in PMU measurements as a result of natural transmission lines [

Several studies have considered the problem of stability of power systems with time delays [

In this paper, we will describe a simple yet effective method to address a TDS attack on the observed states of a controlled system. Our method utilizes a time delay estimator, a communication protocol to raise an alarm on a time delay switch attack, a buffer to store the history of controller commands, an optimal controller to stabilize the plant or track a reference signal, and an emergency controller, local to the plant, to stabilize the plant if large time delays are detected. For now, we will only deal with LTI systems in state feedback.

All control methods developed in the past to compensate for time delays rely on either a controller robust to a maximum time delay, off-line estimates of time delays, or approximation of time-delayed signals [

The proposed method is shown in

Suppose the system we are dealing with is linear time invariant (LTI) or can be approximated in a region of interest by a LTI system,

where x and u are state and control vectors, respectively. Matrices A and B are constant matrices with suitable dimensions.

Then, the solution is given by

With a time delay τ, caused either by a time-delay switch attack or by a natural delay, the solution of Equation (2) becomes

Let us write the solution

In general, the time delay τ is an unknown variable. Let’s assume that τ is slowly varying, compared to the changes in u and x, and

where

It should be noted that,

The estimation error in states can be described by

Then the idea is to estimate

where

Assuming that,

Equation (9) is the one we will use to estimate the time delay

After designing the time delay estimator, we turn our attention to the controller and emergency controller. The controller can either be a PID controller or an optimal controller depending on the requirements of the application. Equation (10) is the PID controller and Equation (11) is the optimal controller,

where the error is_{E}.

Suppose there is a time delay attack on the system with delay

where c is a constant between 0 and 1. In case D = 1 an alarm signal is sent to the controller to shut it down and a negative acknowledgement is sent to the emergency controller to stabilize the plant. The control strategy is shown in

We have implemented this method in MATLAB and verified its performance using the load frequency control (LFC) of a two-area distributed power system. In the next section we present and discuss the simulation results.

We focus on the LFC system where the controller’s function is to regulate the states of a networked power plant. The multi interconnect LFC dynamic system description can be found in [

The optimal feedback controller is given by

and the new state after the attack can be modeled by

where

all zero, the system is in its normal operation. An adversary can get access to the communication link and inject a delay attack on the line to direct the system to abnormal operations.

In (13),

where

nerator, position value of the turbine, tie-line power flow, and control error on the

where

In the dynamic model of the two-area LFC (13):

and

and

where i and j can only be values one and two,

The analysis starts with the design of an optimal controller for the LFC in the normal operation (i.e., with no attack). Consider the system model described by (13) with the performance index described by

where matrix

Simulation studies have been conducted to evaluate the effects of TDS attacks on the dynamics of the system and to detect TDS attacks so that the controller can be directed to the emergency state. By solving the Riccati matrix equation, we obtain the closed-loop control law in the form of state feedback. For the simulations we used the “lqrd” function in MATLAB 2013a, which designs a discrete linear-quadratic regulator from a continuous cost function.

In our simulation, the total simulation time is 50 seconds and the sampling time is 0.01 s, as is common in industrial applications. To show the accuracy of our proposed TDS attack detector/tracker, we didn’t send a negative acknowledgment to the local controller in the first simulation, so that it only tracks the time delay injected into the system. The simulation has been done for three different scenarios: 1) a single TDS attack on one power area, 2) a simultaneous TDS attack on both power areas, 3) a complex varied TDS attack on both power areas.

1) Single TDS attack on one power area: Here, we considered an adversary that attacks the third state of the first power area at time 2 seconds with a delay value of 3 seconds; the time delay is increased to 4.5 seconds at time 7 seconds.

Parameter | Value | Parameter | Value |
---|---|---|---|
 | 10 | | 0.05 |
 | 1.5 | | 0.12 s |
 | 0.2 s | | 0.45 s |
 | 0.198 pu/rad | | 0.198 pu/rad |
 | 12 | | 0.05 |
 | 1 | | 0.18 s |
 | 100 I | | 0 |
 | 100 I | | ∞ |
 | 21.5 | | 21 |

natural delay on the system.

2) Simultaneous TDS attack on both power areas: In this scenario, we attack the third state of both power areas. TDS attacks 1 and 2 have been injected into the first and the second power areas respectively. TDS attack 1 starts at time 2 seconds with a value of 3 seconds and is increased at time 8 seconds to a value of 4.5 seconds. TDS attack 2 starts simultaneously with TDS attack 1 with a value of 1.5 seconds and is increased to a value of 6 seconds.

3) Complex varied TDS attack on both power areas: In the last scenario we injected the TDS attack at different times with different time-delay values. We assume that an adversary injects a TDS attack into the feedback lines of both power areas. In our simulation, an attacker starts a TDS attack on the second power area (third state) at time 1 second for

For the second part of our simulation we enabled the emergency controller to show the effect of our proposed technique for overcoming the TDS attack. We assume that an adversary injects a TDS attack into the feedback lines of both power areas. In the simulation, a TDS attack was applied to the second power area (the third state) at time 1 second for

under attack with the traditional optimal controller (TOC) and the proposed control technique (PCT) respectively. As is clear from the results, the simulated attack makes the system unstable. With the proposed technique, we could overcome the TDS attack on the simulated system.
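The detect-and-switch logic described above, run on a constructed scalar plant under the delay profile of scenario 1, as an added example (it is not the authors' MATLAB code). The estimator here is a brute-force lag search standing in for the paper's estimator, and the plant, the gain, `TAU_MAX`, `C`, the disturbance-free state buffer and the rule that the alarm fires when the estimate exceeds `C * TAU_MAX` are all assumptions.

```python
DT = 0.01                 # sampling time from the page's simulation setup (s)
A, B, K = 1.0, 1.0, 3.0   # constructed scalar plant x' = A*x + B*u, gain u = -K*x
TAU_MAX = 0.4             # assumed largest delay this loop tolerates (s)
C = 0.5                   # detector constant c, 0 < c < 1 (value assumed)

def attack_delay(t):
    """TDS profile of scenario 1: 3 s delay from t = 2 s, 4.5 s from t = 7 s."""
    return 4.5 if t >= 7.0 else 3.0 if t >= 2.0 else 0.0

def estimate_delay(received, history):
    """Stand-in estimator: lag of the buffered state closest to the received one."""
    k = min(range(len(history)), key=lambda i: abs(history[-1 - i] - received))
    return k * DT

def simulate(protected, t_end=10.0):
    """Run the loop; 'protected' enables the switch to the emergency controller."""
    x, history, alarm_at, peak, tau_hat = 1.0, [], None, 0.0, 0.0
    for n in range(round(t_end / DT)):
        t = n * DT
        history.append(x)                           # disturbance-free state buffer
        lag = min(round(attack_delay(t) / DT), n)   # samples held back by the attack
        y = history[n - lag]                        # state the controller receives
        tau_hat = estimate_delay(y, history)
        alarm = tau_hat > C * TAU_MAX               # assumed detector rule, D = 1
        if alarm and alarm_at is None:
            alarm_at = t
        # Alarm state: the emergency controller, local to the plant, uses the
        # undelayed state; otherwise the networked controller uses what arrived.
        u = -K * x if (alarm and protected) else -K * y
        x += DT * (A * x + B * u)                   # forward-Euler plant step
        peak = max(peak, abs(x))
    return {"alarm_at": alarm_at, "tau_hat": tau_hat, "peak": peak, "final": x}

if __name__ == "__main__":
    for name, flag in (("networked controller only", False),
                       ("with detector and emergency controller", True)):
        print(name, simulate(flag))
```

The estimate is only unambiguous while the buffered state is monotonic, which holds for this constructed plant once the emergency controller takes over.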

In summary, we have demonstrated a simple method for estimating and detecting time delay switch attacks on a networked control system. The method relies on a time delay estimator that estimates and tracks time delays introduced by an adversary. With knowledge of the maximum time delay of the control system for which the plant remains stable and secure, the time-delay detector compares the estimated time delay to the maximum allowed time delay and issues an alarm signal when the estimated time delay is larger than this value. It also directs the system to an alarm state. In an alarm state, the plant is under the control of the emergency controller, which is local to the plant. The plant remains in this mode until the networked control system state is restored and the time-delay switch is eliminated. We think that this method is a simple and inexpensive way to assure that an industrial control system remains stable and secure.

The authors would like to thank the Resilient, Autonomous Networked Control Systems (RANCS) group for its support during the publication of this paper.

Arman Sargolzaei, Kang K. Yen, Mohamed N. Abdelghani, Abolfazl Mehbodniya, Saman Sargolzaei (2015) A Novel Technique for Detection of Time Delay Switch Attack on Load Frequency Control. Intelligent Control and Automation, 06, 205-214. doi: 10.4236/ica.2015.64020