Modeling and Detecting False Data Injection Attacks against Railway Traction Power Systems

Modern urban railways extensively use computerized sensing and control technologies to achieve safe, reliable, and well-timed operations. However, the use of these technologies may provide a convenient leverage to cyber-attackers who have bypassed the air gaps and aim at causing safety incidents and service disruptions. In this article, we study False Data Injection (FDI) attacks against railway Traction Power Systems (TPSes). Specifically, we analyze two types of FDI attacks on the train-borne voltage, current, and position sensor measurements—which we call efficiency attack and safety attack—that (i) maximize the system’s total power consumption and (ii) mislead trains’ local voltages to exceed given safety-critical thresholds, respectively. To counteract, we develop a Global Attack Detection (GAD) system that serializes a bad data detector and a novel secondary attack detector designed based on unique TPS characteristics. With intact position data of trains, our detection system can effectively detect FDI attacks on trains’ voltage and current measurements even if the attacker has full and accurate knowledge of the TPS, attack detection, and real-time system state. In particular, the GAD system features an adaptive mechanism that ensures low false-positive and negative rates in detecting the attacks under noisy system measurements. Extensive simulations driven by realistic running profiles of trains verify that a TPS setup is vulnerable to FDI attacks, but these attacks can be detected effectively by the proposed GAD while ensuring a low false-positive rate.

[1]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2009, CCS.

[2]  M. Turan Soylemez,et al.  Parameters Affecting Braking Energy Recuperation Rate in DC Rail Transit , 2007 .

[3]  Xavier Litrico,et al.  Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks , 2013, IEEE Transactions on Control Systems Technology.

[4]  Tao Tang,et al.  A Cooperative Train Control Model for Energy Saving , 2015, IEEE Transactions on Intelligent Transportation Systems.

[5]  R. G. Fletcher Regenerative equipment for railway rolling stock , 1991 .

[6]  Lars Abrahamsson,et al.  Optimal Railroad Power Supply System Operation and Design : Detailed system studies, and aggregated investment models , 2012 .

[7]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[8]  Mark Mohammad Tehranipoor,et al.  Trustworthy Hardware: Identifying and Classifying Hardware Trojans , 2010, Computer.

[9]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[10]  Frank Sottile,et al.  Real Solutions to Equations from Geometry , 2006, University lecture series.

[11]  Patrick D. McDaniel,et al.  Security and Privacy Challenges in the Smart Grid , 2009, IEEE Security & Privacy.

[12]  Lingfeng Wang,et al.  Electricity theft: Overview, issues, prevention and a smart meter based approach to control theft , 2011 .

[13]  Cassiano Lobo Pires,et al.  ICCG method applied to solve DC traction load flow including earthing models , 2007 .

[14]  M. R. Irving,et al.  Iterative techniques for the solution of complex DC-rail-traction systems including regenerative braking , 1996 .

[15]  Xiang Li,et al.  Optimization of Multitrain Operations in a Subway System , 2014, IEEE Transactions on Intelligent Transportation Systems.

[16]  Paul Batty,et al.  A systems approach to reduce urban rail energy consumption , 2014 .

[17]  Karl Henrik Johansson,et al.  Optimal power flow: Closing the loop over corrupted data , 2012, 2012 American Control Conference (ACC).

[18]  S.N. Talukdar,et al.  The analysis of electrified ground transportation networks , 1977, IEEE Transactions on Power Apparatus and Systems.

[19]  Michael Meyer zu Hörste,et al.  Requirements for Safety Relevant Positioning Applications in Rail Traffic , 2005 .

[20]  Zuyi Li,et al.  Modeling Load Redistribution Attacks in Power Systems , 2011, IEEE Transactions on Smart Grid.

[21]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[22]  Lang Tong,et al.  On Topology Attack of a Smart Grid: Undetectable Attacks and Countermeasures , 2013, IEEE Journal on Selected Areas in Communications.

[23]  Pablo Arboleya,et al.  Unified AC/DC Power Flow for Traction Systems: A New Concept , 2012, IEEE Transactions on Vehicular Technology.

[24]  Ehab Al-Shaer,et al.  A formal model for verifying the impact of stealthy attacks on optimal power flow in power grids , 2014, 2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).

[25]  Arvind U. Raghunathan,et al.  Minimizing Energy Consumption in Railways by Voltage Control on Substations , 2014 .

[26]  T Koseki,et al.  POWER MANAGEMENT CONTROL IN DC-ELECTRIFIED RAILWAYS FOR THE REGENERATIVE BRAKING SYSTEMS OF ELECTRIC TRAINS , 2004 .

[27]  Masafumi Miyatake,et al.  Optimization of Train Speed Profile for Minimum Energy Consumption , 2010 .

[28]  Bassam Mohamed,et al.  BFS algorithm for voltage-constrained meshed DC traction networks with nonsmooth voltage-dependent loads and generators , 2017, 2017 IEEE Power & Energy Society General Meeting.

[29]  G. Sheblé,et al.  Power generation operation and control — 2nd edition , 1996 .