Environmental Rate Manipulation Attacks on Power Grid Security

Yonatan Gizachew Achamyeleh, Yang Xiang, Yun-Ping Hsiao, Yasamin Moghaddas, Mohammad Abdullah Al Faruque

TL;DR

The paper introduces Environmental Rate Manipulation (ERM), a novel hardware Trojan trigger that activates based on the rate of change in environmental sensor readings rather than fixed thresholds. It demonstrates a compact $14~\mu$m$^2$ trigger circuit inside a TI solar inverter that can catastrophically disrupt PWM control, leading to driver failure, and shows via LTSpice, Simulink, and ETAP that a single compromised 100 kW inverter can cause cascading grid instability. The study provides end-to-end validation—from theoretical foundations to hardware experiments and grid-scale simulations—highlighting a fundamental vulnerability in sensor-based power electronics and the broader risk to grid resilience. It also discusses extensive evasion strategies, integration considerations, and generalization to other sensing modalities, arguing for renewed defenses beyond redundancy and traditional testing. Overall, ERM exposes a critical security blind spot in hardware Trojan detection for inverter-dominated power systems and demonstrates substantial practical implications for supply chain security and grid reliability.

Abstract

The growing complexity of global supply chains has made hardware Trojans a significant threat in sensor-based power electronics. Traditional Trojan designs depend on digital triggers or fixed threshold conditions that can be detected during standard testing. In contrast, we introduce Environmental Rate Manipulation (ERM), a novel Trojan triggering mechanism that activates by monitoring the rate of change in environmental parameters rather than their absolute values. This approach allows the Trojan to remain inactive under normal conditions and evade redundancy and sensor-fusion defenses. We implement a compact $14~\mu$m$^2$ circuit that measures capacitor charging rates in standard sensor front-ends and disrupts inverter pulse-width modulation (PWM) signals when a rapid change is induced. Experiments on a commercial Texas Instruments solar inverter demonstrate that ERM can trigger catastrophic driver chip failure. Furthermore, ETAP simulations indicate that a single compromised 100 kW inverter may initiate cascading grid instabilities. The attack's significance extends beyond individual sensors to entire classes of environmental sensing systems common in power electronics, demonstrating fundamental challenges for hardware security.

Paper Structure

This paper contains 66 sections, 4 equations, 13 figures.

Figures (13)

  • Figure 1: Clamped fly-back DC-DC converter circuit.
  • Figure 2: H-bridge DC-AC inverter circuit generating grid-synchronized AC output using PWM-controlled current paths.
  • Figure 3: (A) Temperature sensing circuit. (B) Trojan trigger logic with sense amplifier, timing control, & payload interface. (C) Glitch generator circuit.
  • Figure 4: HT layout in Cadence Virtuoso at 45 nm, occupying $<14~\mu\text{m}^2$ within inverter control logic.
  • Figure 5: Output voltage of DC-DC converter (left) and DC-AC inverter (right) before and after Trojan activation, showing significant voltage degradation.
  • ...and 8 more figures