A Fault Resilient Architecture for Distributed Cyber


Transcript A Fault Resilient Architecture for Distributed Cyber

Fardin Abdi, Brett Robins, Marco Caccamo
University of Illinois at Urbana-Champaign
Urbana-Champaign, USA
{abditag2, robbins3, mcaccamo}@ILLINOIS.EDU
UIUC
1



Introduction to problem
Preliminary
Architecture description
◦ Fault detection
◦ Fault handling
Implementation in electric grid
Evaluation
Interconnected physical plants that physically affect each other!
◦ The state of each node is a function of the control inputs of other nodes, based on the system connection graph.

Images :
http://geospatial.blogs.com/geospatial/2009/07/alternative-energy-green-nonemitting-clean-renewable-or-low-carbon-.html
http://www.thewatertreatments.com/water/distribution-system/

Distributed controllers coordinate with other nodes in order to:
◦ Reach the desired state for the entire system
◦ Maintain functionality and stability of the system

System relies on communication
◦ North American Electric Reliability Council report: information system failure is a major cause of cascading failures!


Unpredictable latency in communication
Possible failures in communication channels
◦ Physical disconnection
◦ Improper functioning of communication unit


Replacing the old infrastructure with new infrastructure is expensive; therefore the old communication infrastructure is unlikely to be replaced any time soon.
Therefore:
◦ Techniques need to be developed for detecting and handling faults using the existing communication technology.
Replacing cyber data with physical data to detect and handle faults


In CPS, in addition to cyber channels, there are also physical channels that can be used as a source of data.
◦ Control commands result in a physical change in the state of a system
  ▪ Red light and street example
◦ Data should match the physical state
  ▪ Water pipe and sensors
We exploit the estimated states of remote nodes to detect communication faults and maintain the overall stability of the CPS.





$G^p = (V, E^p)$: physical connection graph of the CPS
$N_i^p$: physical neighbors of node $i$
$G^c = (V, E^c)$: cyber connection graph of the CPS
$N_i^c$: cyber neighbors of node $i$
$D_i$: disconnected neighbors of node $i$



Connected nodes {1,2,4,5}
Partially Connected nodes {3}
Totally Disconnected nodes {6,7}






Estimation Unit
Communication Unit
Switching module
Distributed controller
Hybrid Controller
Local Controller



Distributed controller:
◦ Designed for the normal operation mode, when reliable data is being received from all the neighbors.
◦ For most existing distributed cyber-physical systems, the existing controller can be used without any modifications.
◦ Only has access to the communication unit.


Local controller:
◦ Operates only on the estimated state variables of remote nodes and locally measured variables.
◦ Only has access to the estimation unit.


Hybrid controller:
◦ Used when there are both connected and disconnected neighbors.
◦ Has access to both the communication and estimation units.

Estimate the neighbors' state using local measurements and previous knowledge
◦ Example in power:
  ▪ $Z_{ij}$ is previous knowledge
  ▪ $V_i$ and $I_{ij}$ are local measurements
◦ Autonomous vehicles
  ▪ Using local infrared sensors
◦ Water distribution system
  ▪ $P_j = P_i + R_{ij} F_{ij}$ ($F$: flow rate, $R$: physical resistance)

Packet_dist:
◦ Information required by controllers in order to take the system to the desired final state

Packet_meas:
◦ For verification purposes
◦ Estimatable by the neighbors

Periodically checks the following inequality

$e_x^{max}$: maximum estimation error
◦ This can be measured using experiments

$X_{data}$: received parameters from neighbors
$X_{est}$: estimated parameters based on the local data
A communication fault is declared when the inequality doesn't hold

No data received
◦ The communication unit buffer has not been updated for a while, so there is a deviation between the real data and the data in the communication buffer.

Incorrect data
◦ Gap between the estimated and received value
Based on the number of disconnected neighbors, a switch is triggered to the hybrid or local controller.
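The detection and switching logic of the last two slides, worked through for one node of the water-distribution instance, as an added example that is not the authors' code. Assumptions, also marked in the comments: the estimation unit uses the slide's relation $P_j = P_i + R_{ij} F_{ij}$; the fault test is taken as $|X_{data} - X_{est}| \le e_x^{max}$, since the slide names the terms but the inequality itself did not survive extraction; a buffer entry older than `max_age` control periods counts as "no data received"; and the switching module selects the hybrid controller when some, but not all, neighbors are disconnected. All packet values below are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Packet:
    """Packet_meas from a neighbor: a value the neighbor reports that this
    node can also estimate from its own sensors (used for verification)."""
    value: float
    period: int  # local control period in which the packet arrived


@dataclass
class Node:
    """One node of the water-distribution instance of the architecture."""
    pressure: float                      # P_i, locally measured
    resistance: Dict[int, float]         # R_ij per neighbor j, previous knowledge
    flow: Dict[int, float]               # F_ij per neighbor j, locally measured
    e_max: float                         # maximum estimation error, obtained from experiments
    max_age: int                         # periods before a buffer entry counts as stale (assumption)
    buffer: Dict[int, Packet] = field(default_factory=dict)  # communication unit buffer

    def estimate_neighbor_pressure(self, j: int) -> float:
        """Estimation unit: P_j = P_i + R_ij * F_ij (the relation given on the slide)."""
        return self.pressure + self.resistance[j] * self.flow[j]

    def disconnected_neighbors(self, now: int) -> List[int]:
        """D_i: neighbors whose packet is missing or stale, or whose received value
        deviates from the physical estimate by more than e_max."""
        disconnected = []
        for j in self.resistance:
            pkt = self.buffer.get(j)
            # "No data received": the buffer has not been updated in a while.
            if pkt is None or now - pkt.period > self.max_age:
                disconnected.append(j)
                continue
            # "Incorrect data": gap between the received and the estimated value.
            # Assumed form of the slide's inequality: |X_data - X_est| <= e_max.
            if abs(pkt.value - self.estimate_neighbor_pressure(j)) > self.e_max:
                disconnected.append(j)
        return sorted(disconnected)

    def select_controller(self, now: int) -> str:
        """Switching module: distributed if no neighbor is disconnected, local if all
        are, hybrid otherwise (the slides switch on the number of disconnected neighbors)."""
        d = self.disconnected_neighbors(now)
        if not d:
            return "distributed"
        if len(d) == len(self.resistance):
            return "local"
        return "hybrid"


def demo() -> dict:
    """Constructed scenario: neighbor 2 consistent, 3 stale, 4 inconsistent."""
    node = Node(pressure=50.0,
                resistance={2: 0.5, 3: 0.8, 4: 1.0},
                flow={2: 4.0, 3: -2.5, 4: 1.0},
                e_max=0.5, max_age=2)
    node.buffer[2] = Packet(value=52.1, period=9)   # estimate is 52.0: within e_max
    node.buffer[3] = Packet(value=48.0, period=4)   # matches the estimate but 6 periods old
    node.buffer[4] = Packet(value=55.0, period=10)  # estimate is 51.0: deviation of 4.0
    now = 10
    return {"disconnected": node.disconnected_neighbors(now),
            "controller": node.select_controller(now)}


if __name__ == "__main__":
    print(demo())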

Sensitivity:
◦ $S_{ij} = \dfrac{\Delta \pi_i}{\Delta V_j}$
Injecting reactive power lowers the voltage of the node.



Goal: maintain the voltages of nodes in the range $V_{nom} \pm 5\%$
A decentralized network in which each node sends the amount of reactive power that it requires for its voltage correction to its neighbors.
Through some iterative steps, each node calculates its own reactive power production.


When the communication is broken, each node can only use its own reactive power capacity for voltage correction.
Over/under voltages will occur in the nodes with higher needs than their capacity.

Estimation unit:

Fault declaration:

A fault triggers a switch to the Hybrid or Local controller based on the number of disconnected neighbors.

Distributed Controller:
◦ Nodes exchange information via communication channels and come up with the value of reactive power production.

Hybrid Controller:
◦ For disconnected neighbors, their value of reactive voltage requirement is estimated based on the estimate of their voltage.

Local Controller:
◦ All the reactive power requirements of the neighbors are estimated. Finally, in order to satisfy the requirements of all the neighbors, the maximum estimated power is generated by the node.
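The hybrid and local controllers of the voltage-control case, as an added example that is not the authors' code. Assumptions, also marked in the comments: voltages are per-unit with $V_{nom} = 1.0$; the estimation unit uses $V_j = V_i - Z_{ij} I_{ij}$ (the slides list $Z_{ij}$, $V_i$ and $I_{ij}$ but not the relation); the sensitivity is applied as $\Delta\pi = S \cdot \Delta V$ with the sign convention left as an assumption; and the hybrid controller reuses the local controller's "maximum estimated requirement" rule on the merged set of received and estimated requirements, since the slides do not spell out its combination step. The distributed controller's iterative exchange is not shown because the slides do not specify it. All voltages, impedances, currents and received values below are constructed.

```python
from typing import Dict, Set

V_NOM = 1.0                                   # per-unit nominal voltage (assumption)
V_LOW, V_HIGH = 0.95 * V_NOM, 1.05 * V_NOM    # the slide's V_nom +/- 5% band


def voltage_correction(v: float) -> float:
    """Voltage change needed to bring v back into the band; zero if already inside."""
    if v < V_LOW:
        return V_LOW - v
    if v > V_HIGH:
        return V_HIGH - v
    return 0.0


def required_reactive_power(v: float, sensitivity: float) -> float:
    """Reactive power for the correction, using the slide's sensitivity S = dpi/dV,
    so dpi = S * dV (the sign convention is an assumption)."""
    return sensitivity * voltage_correction(v)


def estimate_neighbor_voltage(v_i: float, z_ij: float, i_ij: float) -> float:
    """Estimation unit for the power case. The slide lists Z_ij (previous knowledge)
    and V_i, I_ij (local measurements); the relation V_j = V_i - Z_ij * I_ij is assumed."""
    return v_i - z_ij * i_ij


def neighbor_requirements(v_i: float,
                          impedance: Dict[int, float],
                          current: Dict[int, float],
                          sensitivity: Dict[int, float],
                          received: Dict[int, float],
                          disconnected: Set[int]) -> Dict[int, float]:
    """Hybrid controller: the received requirement is used for connected neighbors and
    an estimated requirement for D_i. With every neighbor in `disconnected` (or nothing
    received) this degenerates to the local controller, which estimates all of them."""
    req = {}
    for j in impedance:
        if j in disconnected or j not in received:
            v_j = estimate_neighbor_voltage(v_i, impedance[j], current[j])
            req[j] = required_reactive_power(v_j, sensitivity[j])
        else:
            req[j] = received[j]
    return req


def production(req: Dict[int, float]) -> float:
    """Slide's local-controller rule: generate the maximum estimated requirement. The
    largest magnitude is taken with its sign so over-voltage corrections survive (assumption)."""
    return max(req.values(), key=abs, default=0.0)


def demo() -> dict:
    """Constructed scenario: neighbor 2 connected, neighbors 3 and 4 disconnected."""
    v_i = 1.00
    impedance = {2: 0.02, 3: 0.05, 4: 0.01}
    current = {2: 3.0, 3: -2.0, 4: 1.0}
    sensitivity = {2: 10.0, 3: 10.0, 4: 10.0}
    received = {2: 0.3, 3: -0.2}   # the packet from 3 is flagged as faulty, so it is ignored
    disconnected = {3, 4}
    req = neighbor_requirements(v_i, impedance, current, sensitivity, received, disconnected)
    return {"requirements": req, "production": production(req)}


if __name__ == "__main__":
    print(demo())
```

In the scenario, node 3's estimated voltage of 1.10 p.u. lies outside the band, so its estimated requirement (-0.5) replaces the stale received value and dominates the node's production; node 4 is estimated at 0.99 p.u. and needs nothing. Passing an empty `received` map and all neighbors as disconnected yields the local controller's behaviour with the same functions.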

Perfect Communication:
◦ All the nodes in the network can generate power for the node.
Broken Communication:
◦ Original DVC algorithm: only the node itself can provide the required power
◦ Fault Resilient DVC algorithm: immediate neighbors can also provide the reactive power.