Security of Time Synchronization for PMU-based Power System State Estimation: Vulnerabilities and Countermeasures
Time: Mon 2021-11-29 14.00
Location: Kollegiesalen Zoom link: https://kth-se.zoom.us/j/66718887877?pwd=Vk93U0FiQjMvbzBWaVVsN3kyRTd0dz09, Brinellvägen 8, Stockholm, Sweden
Subject area: Electrical Engineering
Doctoral student: Ezzeldin Shereen , Nätverk och systemteknik
Opponent: Professor Joe H. Chow, Rensselaer Polytechnic Institute,Troy, New York, USA
Supervisor: Professor György Dán, Nätverk och systemteknik
Phasor Measurement Units (PMUs) constitute an emerging technology that is essential for various smart grid applications such as phase angle monitoring, power oscillation damping, fault localization, and linear state estimation. To obtain precise PMU measurements of voltage and current phasors, time synchronization in the order of 1 microsecond is typically required. Nevertheless, time synchronization sources for PMUs, such as GPS satellites and Precision Time Protocol (PTP), are vulnerable to Time Synchronization Attacks (TSAs). A TSA can disrupt time synchronization, resulting in malicious phase angle measurements, potentially leading to serious consequences to the stability of the power grid. Moreover, sophisticated attackers may be able to develop undetectable TSAs that would lead to incorrect but credible estimates of the system state, which will bypass traditional Bad Data Detection (BDD) algorithms employed in the grid. Therefore, the detection and mitigation of such undetectable TSAs is of utmost importance for power system operators.
The first part of this thesis explores the threat of undetectable TSAs by investigating their practical feasibility. We provide necessary and sufficient conditions for a set of PMUs to be vulnerable to undetectable TSAs and provide an efficient algorithm to compute attacks against any number of vulnerable PMUs. Furthermore, we show that the set of undetectable TSAs forms a continuum if at least three vulnerable PMUs are targeted by the attack. This fact can be exploited by an attacker to develop low-rate attacks that would adapt to the clock servo that controls the PMU clock, and would bypass typical change detection-based security solutions. The feasibility of computing undetectable TSAs was demonstrated using realistic PMU data and a widely-used clock servo implementation.
The second part of this thesis considers the detection of TSAs. To this end, we proposed three detection approaches focusing on various aspects of PMU and power grid operations. The first proposed approach is decentralized, and attempts to detect TSAs at every PMU individually by leveraging the dependence between the PMU clock state and the measured phasor. The approach is based on the observation that a TSA changes the correlation between the PMU clock frequency adjustments and the change in the measured phase angle. We proposed model-based and data-driven machine learning-based TSA detectors exploiting the change in correlation. Using extensive simulations and realistic PMU clock models, the proposed detectors were shown to perform well even for relatively low-rate attacks. The second proposed approach is centralized and is based on performing state estimation using the complete three-phase model instead of the simpler and more widely-used direct-sequence equivalent model. Our analytical results and extensive simulations showed that three-phase state estimators are significantly more resilient to TSAs compared to single-phase state estimators in unbalanced three phase systems. The third proposed approach is based on the framework of Graph Signal Processing (GSP) in power systems. We showed that by regarding the system state as a graph signal, the low-dimensional structure of the PMU measurements and the system state can be exploited for TSA detection. Based on GSP, we proposed a high-pass graph filter as well as machine learning classifiers utilizing GSP features, both showing superior performance not only in detecting the presence of a TSA, but also in localizing the attacked PMUs.
The third and final part of the thesis considers the mitigation of TSAs, with special focus on PTP networks. In this regard, we investigated recently standardized authentication schemes in PTPv2.1 and their effect on both the synchronization accuracy and network latency in an experimental testbed. The results showed that the authentication schemes pose no significant overhead on the synchronization accuracy or the network latency. Moreover, the cost considerations of PTP authentication were investigated by considering the partial application of the authentication schemes to a PTP network only in the parts that are vulnerable to undetectable TSAs, thus combining TSA mitigation and detection. We showed that the problem of mitigating undetectable TSAs at minimum cost is NP-hard. We formulated the problem as an integer linear program and proposed two approximation algorithms based on linear relaxation and a greedy heuristic. Through extensive simulations on both synthetic graphs and realistic IEEE benchmark power system graphs, we showed that our proposed algorithms, combining both state estimation and PTP authentication, can dramatically reduce the cost of mitigating TSAs.
The TSA detection and mitigation approaches presented in this thesis constitute a step towards secure and reliable time synchronization for PMU applications and a more resilient smart grid infrastructure.