7 research outputs found

    Detection Techniques for Data-Level Spoofing in GPS-Based Phasor Measurement Units

    The increasing complexity of today’s power system aggravated the stability and real-time issues. Wide-area monitoring system (WAMS) provides a dynamic coverage which allows real-time monitoring of critical nodes of power systems. Phasor measurement units (PMUs) are being used in WAMS to provide a wide area system view and increase the system stability. A PMU is a sensor that measures the three-phase analog voltage, current and frequency and uploads the phasor information to the Phasor Data Concentrator (PDC) at a rate of 30 to 60 observations per second. Typically, PMUs utilize a Global Positioning System (GPS) reference source to provide the required synchronization across wide geographical areas. On the other hand, civil GPS receivers are vulnerable to a number of different attacks such as jamming and spoofing, which can lead to inaccurate PMU measurements and consequently compromise the state estimation in the electric power grid. In this thesis, we propose three countermeasures against GPS spoofing attacks on PMUs from three layers in the WAMS. In particular, we utilize the fact that in GPS-based PMUs, unlike most of the GPS applications, the positions of the PMU receivers are already fixed and known. Our first technique employs an algorithm that accurately predicts the number of theoretically visible GPS satellites from a given position on earth. If the GPS receiver detects satellites which should not be visible at that time, this signifies a spoofing attempt. The second technique is an anomaly-based detection method which assumes that the statistics of malicious errors in GPS time solutions are unlikely to be consistent with the expected statistics of the typical receiver clock. We also propose a model which can be used to analyze the phasor data uploaded from two PMUs to the Phasor Data Concentrator. The relative phase angle difference (RPAD) is used in our algorithm to detect the spoofing attack. The algorithm uses Fast Fourier Transform to analyze the RPAD between two PMUs. We study the behavior of the low-frequency component in the FFT result of the RPAD between the two PMUs to detect the spoofing attacks. The effectiveness of the proposed techniques is confirmed by simulations.

    A Low Cost Mass-Market Deployable Security Approach Against GPS Spoofing Attacks

    The Global Positioning System (GPS) is used ubiquitously for navigation and timing synchronization purposes. Many telecommunication, finance and aviation systems rely heavily on GPS information for routine operations. GPS functions by relying on satellites orbiting the earth in very accurately predictable orbits, which are used as references to identify the positions of objects (receivers). Receivers calculate their positions by receiving GPS signals and calculating their relative distances to each of the satellites. With enough relative distances, the receiver can resolve its position using the method known as trilateration [1]. In this thesis, we underline the vulnerability of this orbiting infrastructure to spoofing attacks, by easily procurable and affordable software defined radios. GPS signal spoofing is a type of malicious attack, where an attacker generates a fake GPS signal with valid GPS properties but false navigational and/or timing information to fool non-suspecting receivers. These signals appear authentic and receivers end up processing the false signal and extracting wrong information. There are two types of GPS services, civilian and military. The military service is encrypted and not vulnerable to such attacks because the pseudorandom codes are not disclosed to the public. However, this service is accessible to authorized military personnel alone. All other commercial and public GPS receivers which form the mass of the population are vulnerable to spoofing attacks. The civilian GPS broadcast band is not encrypted, and this makes it easy for an attacker to recreate the signal that appears valid to GPS receivers. In this thesis we implement a low cost, easy for mass-market application Doppler measurement based spoofing detection approach, utilizing non-specialized off-the-shelf commercial receivers.

    Integrity and attack-resilience of GPS-based positioning and timing: a Bayesian and measurement fusion approach

    Robust Position, Velocity, and Timing (PVT) are essential for the safe operations of critical infrastructure sectors, such as transportation systems and power grids. Different transportation systems, both human-operated and autonomous vehicles, navigate using accurate position and velocity information. On the other hand, precise timing is crucial for various economic activities worldwide, such as banking, stock markets, and the power grid. GPS serves as a backbone for many state-of-the-art applications related to these crucial infrastructures. GPS provides sub-microsecond accurate timing and meter level of accurate positioning. It has global coverage and is free for all users. The GPS positioning and timing service has some limitations. The positioning accuracy degrades in urban environments due to tall structures that block and reflect satellite signals. Degraded positioning is not safe for the operation of autonomously driving vehicles. Furthermore, GPS signals are susceptible to external attacks due to their low signal power and unencrypted signal structures. Researchers have shown that GPS Spoofing Attacks (GSAs) are feasible, and GSA for timing is able to alter timing without modifying the positioning solution. Such attacks create unsafe operating conditions for the modern power grid, which will use GPS timing for monitoring the wide-area network. The contribution of this work is to develop algorithms to mitigate the above limitations. We develop Bayesian algorithms that utilize multiple sensors and receivers. For improving positioning, first, we design an adaptive filter based on Bayesian algorithms to augment GPS with the additional vision sensor. Second, we develop an integrity monitoring algorithm for Direct Positioning (DP), which is an advanced GPS receiver architecture that directly works on the position domain and is robust to signal blockage and multipath effects. To monitor integrity, we estimate vertical protection levels using a Bayesian approach. We further generate GPS datasets simulating open, semi-urban, and urban environments for validating DP with multiple receivers. For mitigating GSAs for timing, we design static and dynamic state estimators for the power grid. The static state estimator utilizes measurement residuals to correct power grid states. In the dynamic state estimator, we fuse GPS and power grid measurements to provide resiliency against GSAs. We create a virtual power grid testbed and generate datasets for a power grid network under different GSAs. These are the first datasets that contain both power grid and GPS measurements under GSAs, and we make them openly available. Our estimators are validated on various power grid networks and on the generated datasets.

    The Resilience Of Smart Energy Systems Against Adversarial Attacks, Operational Degradation And Variabilities

    The presented research investigates selected topics concerning resilience of critical energy infrastructures against certain types of operational disturbances and/or failures whether natural or man-made. A system is made resilient through the deployment of physical devices enabling real-time monitoring, strong feedback control system, advanced system security and protection strategies or through prompt and accurate man-made actions or both. Our work seeks to develop well-planned strategies that act as a foundation for such resiliency enabling techniques. The research conducted thus far addresses three attributes of a resilient system, namely security, efficiency, and robustness, for three types of systems associated with current or future energy infrastructures. First (chapter 1), we study the security aspect of cyber-physical systems which integrate physical system dynamics with digital cyberinfrastructure. The smart electricity grid is a common example of this system type. In this work, an abstract theoretical framework is proposed to study data injection/modification attacks on Markov modeled dynamical systems from the perspective of an adversary. The adversary is capable of modifying a temporal sequence of data and the physical controller is equipped with prior statistical knowledge about the data arrival process to detect the presence of an adversary. The goal of the adversary is to modify the arrivals to minimize a utility function of the controller while minimizing the detectability of his presence as measured by the K-L divergence between the prior and posterior distribution of the arriving data. The trade-off between these two metrics, controller utility and the detectability cost, is studied analytically for different underlying dynamics. Our second study (chapter 2) reviews the state of the art ocean wave generation technologies along with system level modeling while providing an initial study of the impacts of integration on a typical electrical grid network as compared to the closest related technology, wind energy extraction. In particular, wave power is computed from high resolution measured raw wave data to evaluate the effects of integrating wave generation into a small power network model. The system with no renewable energy sources and the system with comparable wind generation have been used as a reference for evaluation. Simulations show that wave power integration has good prospects in reducing the requirements of capacity and ramp reserves, thus bringing the overall cost of generation down. Our third study (chapter 3) addresses the robustness of resilient ocean wave generation systems. As an early-stage but rapidly developing technology, wave power extraction systems must have strong resilience requirements in harsh, corrosive ocean environments while enabling economic operation throughout their lifetime. Such systems are comprised of Wave Energy Converters (WECs) that are deployed offshore and that derive power from rolling ocean waves. The Levelized Cost of Electricity (LCOE) for WECs is high and one important way to reduce this cost is to employ strategies that minimize the cost of maintenance of WECs in a wave farm. In this work, an optimal maintenance strategy is proposed for a group of WECs, resulting in an adaptive scheduling of the time of repair, based on the state of the entire farm. The state-based maintenance strategy seeks to find an optimal trade-off between the moderate revenue generated from a farm with some devices being in a deteriorated or failed state and the high repair cost that typifies ocean wave farm maintenance practices. The formulation uses a Markov Decision Process (MDP) approach to devise an optimal policy which is based on the count of WECs in different operational states. Our fourth study (chapter 4) focuses on enabling resilient electricity grids with Grid Scale Storage (GSS). GSS offers resilient operations to power grids where the generation, transmission, distribution and consumption of electricity has traditionally been "just in time". GSS offers the ability to buffer generated energy and dispatch it for consumption later, e.g., during generation outage and shortages. Our research addresses how to operate GSS to generate revenue efficiently in frequency regulation markets. Operation of GSS in frequency regulation markets is desirable due to its fast response capabilities and the corresponding revenues. However, GSS health is strongly dependent on its operation and understanding the trade-offs between revenues and degradation factors is essential. This study answers whether or not operating GSS at high efficiency regularly reduces its long-term performance (and thereby its offered resilience to the power grid). Our fifth study (chapter 5) focuses on the resilience of Wide Area Measurement Systems (WAMS) which is an integral part of modern electrical grid infrastructure. The problem of the global positioning system (GPS) spoofing attacks on smart grid endowed with phasor measurement units (PMUs) is addressed, taking into account the dynamical behavior of the states of the system. It is shown how GPS spoofing introduces a timing synchronization error in the phasor readings recorded by the PMU and alters the measurement matrix of the dynamical model. A generalized likelihood ratio-based hypotheses testing procedure is devised to detect changes in the measurement matrix when the system is subjected to a spoofing attack. Monte Carlo simulations are performed on the 9-bus, 3-machine test grid to demonstrate the implication of the spoofing attack on dynamic state estimation and to analyze the performance of the proposed hypotheses test. Asymptotic performance analysis of the proposed test, which can be used for large-scale smart grid networks, is also presented.