COMP3217 Security of Cyber-Physical Systems 21/22 Coursework 2

 Pick Option A or Option B Option A: Detection of Manipulated Pricing in Smart Energy CPS Scheduling The coursework is worth 50% of the total mark for this course. It involves writing programs for the task described below, and you can choose any major programming language such as C/C++, Python, etc. The purpose of this coursework is to understand the linear programming based energy scheduling for smart home cyber-physical system, understand the interdependence between the pricing information and the energy load scheduling, develop detection techniques for pricing attacks, and get familiar with some cyber-physical system security programming skills. • • • • • • • • Consider a small community consisting of only 5 users, each of whom has 10 smart home appliances. The details are included in COMP3217CW2-Input.xlsx You are given a set of 10,000 predictive guideline price curves (TrainingData.txt), where half of them are labelled as Normal and the other half are labelled as Abnormal. There are 25 numbers in each predictive guideline price curve, where the first 24 numbers refer to the unit for each hour and the last number is binary indicating whether it is a normal pricing curve (if it is 0) or an abnormal pricing curve (if it is 1). These 10,000 predictive guideline price curves are basically the training data. You are also given 100 predictive guideline price curves without labels, which are the testing data (TestingData.txt), where there are 24 numbers in each predictive guideline curve. You need to design and implement a technique to model those training data and compute the labels for all testing data (i.e., 0 or 1 for each predictive guideline pricing curve). In the report, you need to clearly indicate the computed label for each predictive guideline pricing curve in the testing data. You also need to output a file (TestingResults.txt) with the same format as the training data and submit it together with your source code. For each of those testing data labelled with Abnormal (i.e., labelled with 1) as determined by your code, you will need to compute the linear programming based energy scheduling solution according to that abnormal predictive guideline price curve, and plot the scheduling results showing the hourly energy usage of this community (i.e., 24 bars where each bar shows the total energy usage from all of 5 users during the corresponding hour). In the report, you should give a clear description of the problem, the linear programming based scheduling algorithm, and your technique to compute the labels. You need to show the computed labels for all of the 100 testing data. You should also analyse and discuss your results (including, but not limited to, the training error). The accuracy on 100 testing data (testing error) will be an important factor in determining your performance on this coursework, followed by the classification accuracy on 10,000 training data (training error). You should make good use of a software repository (e.g., git or github) and your code needs to be maintainable and designed with a make-based build structure. Your code should contain sufficient comments. 1 • Your code should be laid out neatly with consistent indentation. Assessment criteria Correctness of classification 50% Correctness of energy scheduling 10% Clarity of program and comments 15% Quality of report and analysis 25% Submission Due Date: May 23, 2022 You are required to submit the report, the source code files, and your output file (TestingResults.txt), into the submission system. Option B: Zero Trust Architecture for Cyber-Physical Power System The coursework is worth 50% of the total mark for this course. It involves writing programs for the task described below, and you can choose any major programming language such as C/C++, Python, etc. The purpose of this coursework is to understand and implement a zero trust architecture for cyber-physical power systems, use it to detect the potential attacks, and get familiar with some cyber-physical system security programming skills. • • Consider a small cyber-physical system consisting of 10 IoT devices which are industrial controllers, compressors, sensors, embedded processors, turbines, etc, in a smart power distribution network. You are provided with 10 simulators where each simulator generates the outputs based on the system dynamics for the corresponding IoT device. At each time step, an IoT device can take inputs from the control centre and/or other IoT devices, to call other IoT devices, and to perform the computations and operations to generate some outputs, which are modelled by the simulator. Note that due to the functionalities of those IoT devices, same inputs at different time steps could produce different outputs. Those input-output data will be printed by the simulator in the following format. 2 Input from Control Centre 23, 52 Call IoT 8 with Parameters 9 Call IoT 9 with Parameters 18 Output 38 For example, if IoT 2 issues (Call IoT 1 with Parameters 53), the simulator for IoT 1 will use 53 as an additional input but IoT 1 will not print this additional input for you. • • • • • • • You are asked to run those simulators to generate some input-output data. With them, you will develop part of a zero trust architecture for this cyber- physical system. An important component of this architecture is a dynamic access and physical behaviour controller (DAPBC) installed on each IoT device. If any anomaly in the communication or physical operation of an IoT device is observed, the DAPBC will alert the control centre. You will design this DAPBC to manage the access control for each IoT device. You will be given the other set of anomaly simulators which are designed to inject anomalies, which would be significantly different from the normal behaviours. Your DAPBC will be evaluated using the true positive, true negative, false positive and false negative rates for handling them. The functionalities of some IoT devices might be updated through remote updating after they are deployed. You should discuss how to construct a certificate authority based security architecture to handle those potential updates. In the report, you should give a clear description of the problem and the algorithm. You should analyse and discuss your results. The correctness of your DAPBC is evaluated using the true positive, true negative, false positive and false negative rates on the 1000 runs of each anomaly simulator. You should also give the discussion on how to construct a certificate authority based security architecture to handle the potential functionality updates to the IoT devices. You should make good use of a software repository (e.g., git or github) and your code needs to be maintainable and designed with a make-based build structure. Your code should contain sufficient comments. Your code should be laid out neatly with consistent indentation. Assessment criteria Correctness of the DAPBC 50% Clarity of program and comments 10% Clarify of discussion on the proposed security architecture 25% Quality of report and analysis 15% Submission Due Date: May 23, 2022 You are required to submit the report, the source code files, and your output file, into the submission system. 3