The emerging measurement technology of phasor measurement units (PMUs) makes it possible to estimate the state of electrical grids in real time, thus opening the way to new protection and control applications. PMUs rely on precise time synchronization; therefore, they are vulnerable to time-synchronization attacks (TSAs), which alter the measured voltage and current phases. In particular, undetectable TSAs pose a significant threat as they lead to an incorrect but credible estimate of the system state. Prior work has shown that such attacks exist against pairs of PMUs, but they do not take into consideration the clock adjustment performed by the clock servo, which can modify the attack angles and make the attacks detectable. This cannot be easily addressed with the existing attacks, as the undetectable angle values form a discrete set and cannot be continuously adjusted as would be required to address the problems posed to the attacker by the clock servo. Going beyond prior work, this article first shows how to perform undetectable attacks against more than two PMUs, so that the set of undetectable attacks forms a continuum and supports small adjustments. Second, it shows how an attacker can anticipate the operation of the clock servo while achieving her attack goal and remaining undetectable. Third, this article shows how to identify vulnerable sets of PMUs. Numerical results on the 39-bus IEEE benchmark system illustrate the feasibility of the proposed attack strategies.

Precise time synchronization of Phasor Measurement Units (PMUs) is critical for monitoring and control of smart grids. Thus, time synchronization attacks (TSAs) against PMUs pose a severe threat to smart grid security. In this paper we present an approach for detecting TSAs based on the interaction between the time synchronization system and the power system. We develop a phasor measurement model and use it to derive an accurate closed form expression for the correlation between the frequency adjustments made by the PMU clock and the resulting change in the measured phase angle, without an attack. We then propose one model-based and three data-driven TSA detectors that exploit the change in correlation due to a TSA. Using extensive simulations, we evaluate the proposed detectors under different strategies for implementing TSAs, and show that the proposed detectors are superior to state-of-the-art clock frequency anomaly detection, especially for unstable clocks.

Phasor measurement units (PMU) rely on an accurate time-synchronization to phase-align the phasors and timestamp the voltage and current phasor measurements. Among the symmetrical components computed from the phasors in three-phase systems, the standard practice only uses the direct-sequence component for state estimation and bad data detection (BDD). Time-synchronization attacks (TSAs) can compromise the measured phasors and can, thus, significantly alter the state estimate in a manner that is undetectable by widely used power-system BDD algorithms. In this paper we investigate the potential of utilizing the three-phase model instead of the direct-sequence model for mitigating the vulnerability of state estimation to undetectable TSAs. We show analytically that if the power system is unbalanced then the use of the three-phase model as input to BDD algorithms enables to detect attacks that would be undetectable if only the direct-sequence model was used. Simulations performed on the IEEE 39-bus benchmark using real load profiles recorded on the grid of the city of Lausanne confirm our analytical results. Our results provide a new argument for the adoption of three-phase models for BDD, as their use is a simple, yet effective measure for reducing the vulnerability of PMU measurements to TSAs.

Time Synchronization Attacks (TSAs) against Phasor Measurement Units (PMUs) constitute a major threat to modern smart grid applications. By compromising the time reference of a set of PMUs, an attacker can change the phase angle of their measured phasors, with potentially detrimental impact on grid operation and control. Going beyond traditional residual-based techniques in detecting TSAs, in this paper we propose the use of Graph Signal Processing (GSP) to model the power grid so as to facilitate the detection and localization of TSAs. We analytically show that modeling the state of the power system as a low-pass graph signal can significantly improve the resilience of the grid against TSAs. We propose TSA detection and localization methods based on GSP, leveraging state-of-the-art machine learning algorithms. We provide empirical evidence for the efficiency of the proposed methods based on extensive simulations on two IEEE benchmark systems. In fact, our methods can detect at least 77% more TSAs of significant impact and identify an additional 13% of the attacked PMUs compared to state-of-the-art techniques.

The lack of integrated support for security has been a major shortcoming of Precision Time Protocol version 2 (PTPv2) for a long time. The upcoming PTPv2.1 aims at addressing this shortcoming in a variety of ways, including the introduction of lightweight message authentication. In this paper we provide an overview of the planned security features, and report results based on an implementation of the proposed integrated security mechanism based on the open source Linux PTP, including support for hardware timestamping. Our implementation includes an extension of Linux PTP to support transparent clocks. We provide results from an experimental testbed including a transparent clock, which illustrate that the extensions can be implemented in software at a low computational overhead, while supporting hardware timestamping. We also provide a discussion of the remaining vulnerabilities of PTP time synchronization, propose countermeasures, and discuss options for key management, which is not covered by the standard.

Time Synchronization attacks constitute a major threat to PMU-based smart grid applications, their cost-efficient detection and mitigation is thus of utmost importance. In this paper we propose a mitigation approach based on authenticated network-based time synchronization. Our approach relies on the observation that a time synchronization attack can be undetectable if and only if it targets at least three time references in the power system, and such attacks need to be mitigated through appropriate security controls. We first provide a formal proof of this result, including a characterization of the degrees of freedom of the attacker in constructing an attack. We then formulate the problem of mitigating undetectable attacks at minimum costas an integer linear program, and prove that it is NP-hard. To solve the problem, we propose two approximation algorithms based on (1) computing shortest paths, and (2) solving a linear relaxation of the problem. Extensive simulations suggest the superiority of the proposed algorithms on IEEE benchmark power system graphs compared to baseline solutions. We report mitigation cost savings of at least 76% compared to a naive approach for mitigation and at least 30% compared the state-of-the-art.