Undetectable Timing-Attack on Linear State-Estimation by Using Rank-1 Approximation

Smart-grid applications based on synchrophasor measurements have recently been shown to be vulnerable to timing attacks. A fundamental question is whether timing attacks could remain undetected by bad-data detection algorithms used in conjunction with state-of-the-art situational-awareness state estimators. In this paper, we analyze the detectability of timing attacks on linear state estimation. We show that it is possible to forge delay attacks that are undetectable. We give a closed form for an undetectable attack; it imposes two phase offsets on two or more synchrophasor-based measurement units, and these offsets can be translated into time delays of the synchrophasors. We also propose different methods for combining two-delay attacks to produce a larger impact. We simulate the attacks on a benchmark power-transmission grid and show that they are successful and can lead to physical grid damage. To prove undetectability, we use classic bad-data detection techniques such as the largest normalized residual and the $\chi^{2}$-test.
