kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Model-Based and Data-Driven Detectors for Time Synchronization Attacks Against PMUs
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-9988-9545
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-4876-0223
2020 (English)In: IEEE Journal on Selected Areas in Communications, ISSN 0733-8716, E-ISSN 1558-0008, Vol. 38, no 1, p. 169-179Article in journal (Refereed) Published
Abstract [en]

Precise time synchronization of Phasor Measurement Units (PMUs) is critical for monitoring and control of smart grids. Thus, time synchronization attacks (TSAs) against PMUs pose a severe threat to smart grid security. In this paper we present an approach for detecting TSAs based on the interaction between the time synchronization system and the power system. We develop a phasor measurement model and use it to derive an accurate closed form expression for the correlation between the frequency adjustments made by the PMU clock and the resulting change in the measured phase angle, without an attack. We then propose one model-based and three data-driven TSA detectors that exploit the change in correlation due to a TSA. Using extensive simulations, we evaluate the proposed detectors under different strategies for implementing TSAs, and show that the proposed detectors are superior to state-of-the-art clock frequency anomaly detection, especially for unstable clocks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2020. Vol. 38, no 1, p. 169-179
Keywords [en]
Clocks, Phasor measurement units, Synchronization, Detectors, Phase measurement, Frequency measurement, Power system stability, PMU, time synchronization attacks, phasor measurements, security, cyber-physical systems, correlation, clock synchronization, data-driven detection, machine learning
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-268779DOI: 10.1109/JSAC.2019.2952017ISI: 000510714300015Scopus ID: 2-s2.0-85074856246OAI: oai:DiVA.org:kth-268779DiVA, id: diva2:1396021
Note

QC 20200225

Available from: 2020-02-25 Created: 2020-02-25 Last updated: 2022-06-26Bibliographically approved
In thesis
1. Security of Time Synchronization for PMU-based Power System State Estimation: Vulnerabilities and Countermeasures
Open this publication in new window or tab >>Security of Time Synchronization for PMU-based Power System State Estimation: Vulnerabilities and Countermeasures
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Phasor Measurement Units (PMUs) constitute an emerging technology that is essential for various smart grid applications such as phase angle monitoring, power oscillation damping, fault localization, and linear state estimation. To obtain precise PMU measurements of voltage and current phasors, time synchronization in the order of 1 microsecond is typically required. Nevertheless, time synchronization sources for PMUs, such as GPS satellites and Precision Time Protocol (PTP), are vulnerable to Time Synchronization Attacks (TSAs). A TSA can disrupt time synchronization, resulting in malicious phase angle measurements, potentially leading to serious consequences to the stability of the power grid. Moreover, sophisticated attackers may be able to develop undetectable TSAs that would lead to incorrect but credible estimates of the system state, which will bypass traditional Bad Data Detection (BDD) algorithms employed in the grid. Therefore, the detection and mitigation of such undetectable TSAs is of utmost importance for power system operators.​

The first part of this thesis explores the threat of undetectable TSAs by investigating their practical feasibility. We provide necessary and sufficient conditions for a set of PMUs to be vulnerable to undetectable TSAs and provide an efficient algorithm to compute attacks against any number of vulnerable PMUs. Furthermore, we show that the set of undetectable TSAs forms a continuum if at least three vulnerable PMUs are targeted by the attack. This fact can be exploited by an attacker to develop low-rate attacks that would adapt to the clock servo that controls the PMU clock, and would bypass typical change detection-based security solutions. The feasibility of computing undetectable TSAs was demonstrated using realistic PMU data and a widely-used clock servo implementation.

The second part of this thesis considers the detection of TSAs. To this end, we proposed three detection approaches focusing on various aspects of PMU and power grid operations. The first proposed approach is decentralized, and attempts to detect TSAs at every PMU individually by leveraging the dependence between the PMU clock state and the measured phasor. The approach is based on the observation that a TSA changes the correlation between the PMU clock frequency adjustments and the change in the measured phase angle. We proposed model-based and data-driven machine learning-based TSA detectors exploiting the change in correlation. Using extensive simulations and realistic PMU clock models, the proposed detectors were shown to perform well even for relatively low-rate attacks. The second proposed approach is centralized and is based on performing state estimation using the complete three-phase model instead of the simpler and more widely-used direct-sequence equivalent model. Our analytical results and extensive simulations showed that three-phase state estimators are significantly more resilient to TSAs compared to single-phase state estimators in unbalanced three phase systems. The third proposed approach is based on the framework of Graph Signal Processing (GSP) in power systems. We showed that by regarding the system state as a graph signal, the low-dimensional structure of the PMU measurements and the system state can be exploited for TSA detection. Based on GSP, we proposed a high-pass graph filter as well as machine learning classifiers utilizing GSP features, both showing superior performance not only in detecting the presence of a TSA, but also in localizing the attacked PMUs.

The third and final part of the thesis considers the mitigation of TSAs, with special focus on PTP networks. In this regard, we investigated recently standardized authentication schemes in PTPv2.1 and their effect on both the synchronization accuracy and network latency in an experimental testbed. The results showed that the authentication schemes pose no significant overhead on the synchronization accuracy or the network latency. Moreover, the cost considerations of PTP authentication were investigated by considering the partial application of the authentication schemes to a PTP network only in the parts that are vulnerable to undetectable TSAs, thus combining TSA mitigation and detection. We showed that the problem of mitigating undetectable TSAs at minimum cost is NP-hard. We formulated the problem as an integer linear program and proposed two approximation algorithms based on linear relaxation and a greedy heuristic. Through extensive simulations on both synthetic graphs and realistic IEEE benchmark power system graphs, we showed that our proposed algorithms, combining both state estimation and PTP authentication, can dramatically reduce the cost of mitigating TSAs.

The TSA detection and mitigation approaches presented in this thesis constitute a step towards secure and reliable time synchronization for PMU applications and a more resilient smart grid infrastructure.

Place, publisher, year, edition, pages
Stockholm, Sweden: KTH Royal Institute of Technology, 2021. p. 237
Series
TRITA-EECS-AVL ; 2021:66
Keywords
Phasor measurements unit, Time synchronization, Power system state estimation, Network Security, Time synchronization attacks, Precision time protocol, Machine learning
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-304272 (URN)978-91-8040-035-0 (ISBN)
Public defence
2021-11-29, Kollegiesalen Zoom link: https://kth-se.zoom.us/j/66718887877?pwd=Vk93U0FiQjMvbzBWaVVsN3kyRTd0dz09, Brinellvägen 8, Stockholm, Sweden, 14:00 (English)
Opponent
Supervisors
Note

QC 20211101

Available from: 2021-11-01 Created: 2021-10-29 Last updated: 2022-06-25Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Shereen, EzzeldinDán, György

Search in DiVA

By author/editor
Shereen, EzzeldinDán, György
By organisation
Network and Systems Engineering
In the same journal
IEEE Journal on Selected Areas in Communications
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 108 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf