Professional Documents
Culture Documents
Multi-Period Power System State Estimation With Pmus Under Gps Spoofing Attacks
Multi-Period Power System State Estimation With Pmus Under Gps Spoofing Attacks
Abstract—
—This paper introduces a dynamic network model to‐ the network. Thus, state estimation (SE) routines are per‐
gether with a phasor measurement unit (PMU) measurement formed to gain the visibility of the network. According to
model suitable for power system state estimation under spoof‐ [1], scenario WAMPAC. 12: GPS Time Signal Compromise
ing attacks on the global positioning system (GPS) receivers of
PMUs. The spoofing attacks may introduce time-varying phase highlights the vulnerability of PMUs to GPS spoofing at‐
offsets in the affected PMU measurements. An algorithm is de‐ tacks. In particular, GPS spoofing is a class of cyber attacks
veloped to jointly estimate the state of the network, which in which the attacker mimics the GPS signals in order to al‐
amounts to the nodal voltages in rectangular coordinates, as ter the GPS time estimated by the GPS receiver of the PMU
well as the time-varying attacks. The algorithm features closed- [2]. This attack is also called time synchronization attack
form updates. The effectiveness of the algorithm is verified on
the standard IEEE transmission networks. It is numerically
(TSA), since it induces erroneous time stamps, thereby in‐
shown that the estimation performance is improved when the ducing wrong phase angle in the PMU measurements.
dynamic network model is accounted for compared with a pre‐ Various threat scenarios, security gaps, and mitigation
viously reported static approach. strategies in relation to TSAs have been assessed in [3] and
Index Terms——Dynamic state equation, global positioning sys‐ [4]. Specific selected works representing effects and mitiga‐
tem (GPS) spoofing, phasor measurement unit (PMU), state esti‐ tion of GPS spoofing attacks in power systems include [5] -
mation, time synchronization, weighted least squares. [20] and these are reviewed next.
A set of studies has investigated the operation at the GPS
receiver level and developed methods to detect GPS spoof‐
I. INTRODUCTION ing and if possible, to provide accurate timing to the PMU.
upgraded to account for GPS spoofing attacks on PMUs. criterion optimization problem, where the measurement and
Specifically, distributed estimation of power system oscilla‐ dynamic state equations are contributing to the overall objec‐
tions under GPS spoofing attacks is developed in [15]. Pow‐ tive function. The states and attack angles are optimization
er system SE resilient to a spoofing attack on a single PMU variables and the resulting problem is nonconvex. The sec‐
is furnished in [16], with further computational refinements ond contribution is developing an AM algorithm to compute
presented in [17]. In our previous work [18], an alternating the solution of the SE problem. The algorithm features
minimization (AM) algorithm to jointly perform SE and at‐ closed-form updates and extends the one in [18] to the dy‐
tack phase angle reconstruction is developed. A sparse error namic case. The effectiveness of the proposed algorithm is
correction for PMU data under GPS spoofing attacks is pre‐ demonstrated on standard IEEE transmission networks. Two
sented in [19]. A novel GPS spoofing identification and cor‐ types of realistic attacks are applied [35], namely, one that
rection algorithm for SE in unbalanced distribution grids is shows up suddenly (step attack), and the other that is ramp‐
developed in [20]. References [16] - [20] pertain to a static ing. The third contribution is numerically demonstrating that
SE setup, whereby a set of measurements from a particular the performance of the multi-period SE is superior to prior
time instant is processed to produce a state estimate corre‐ work that only considers the static nature of voltages, com‐
sponding to that time instant. A dynamic SE model under pared to the presented formulations that consider the voltage
GPS spoofing based on the swing equation is introduced in dynamics.
[21], where the presence of attack is detected using a gener‐ The remainder of this paper is organized as follows. Sec‐
alized likelihood ratio test. tion II details the system and attack models. The SE prob‐
The effect of GPS spoofing on PMU measurements bears lem is formulated in Section III. The iterative solver is devel‐
some resemblance to the problem of imperfect PMU syn‐ oped in Section IV. Numerical tests and conclusions are pre‐
chronization [22]. The similarity amounts to the fact that im‐ sented in Sections V and VI, respectively.
perfect synchronization induces a time offset in the PMU
measurement that in effect translates to a phase offset in the II. SYSTEM AND ATTACK MODELS
measured voltage or current phasor. The chief difference is This section describes the multi-period state and measure‐
that the phase offset is typically much smaller in case of im‐ ment model with and without TSAs on PMU measurements.
perfect synchronization, as opposed to GPS spoofing. The
latter condition enables the use of small angle approxima‐ A. Attack-free Dynamic Model
tions [23]-[25] which are not generally valid under spoofing Consider a power network with N b buses connected via N l
attacks. When dynamic state models with imperfect synchro‐ transmission lines. Let Nn be the set of buses connected to
nization are considered, it is assumed that the availability of bus n, and define L n = |Nn| as the number of lines connected
GPS restores the synchronization [26], which is a situation to bus n. The nodal voltage at bus n and discrete time period
that is not tenable under GPS spoofing. k is written in complex, rectangular, and polar forms as V nk =
Based on a dynamic model for the power system state, jθ
V nkr + jV nki = |V nk|e , where V nkr and V nki are the real and
nk
this paper develops an SE algorithm that furnishes the phase imaginary parts of the nodal voltage, respectively; and θ nk is
offsets induced by GPS spoofing across time, in addition to the phase of the nodal voltage. The dynamic equation de‐
the power system state. There are two approaches to dynam‐ scribing the state evolution over discrete time periods in‐
ic SE depending on the definition of the state vector [27], dexed by k follows a random walk model:
and representative references specifically featuring PMU
v k = v k - 1 + w k k = 12K (1)
measurements are mentioned next. The first approach fea‐ 2N b ´ 1
tures bus voltages as state variables, and the corresponding where v k =[v Tkr v Tki ]T Î R is the system state vector at
simplest dynamic model boils down to a random walk [28]- time k, and vectors v kr and v ki collect the real and imaginary
[30]. In the second approach, dynamic models of generators parts of nodal voltages V nkr and V nki for n = 12N b, re‐
are considered, wherein rotor angles and rotor speeds are the spectively; w k is the state noise, which follows a Gaussian
state variables, following the swing equation [21], [31]-[33]. distribution, that is, w k N(0Q k ), and Q k is a positive defi‐
It is worth noting that when the states are the voltages ex‐ nite covariance matrix at time k; and K is a generic terminal
pressed in rectangular coordinates and PMU measurements time through which SE is to be performed. The duration of
are used, SE can be performed efficiently by (linear) weight‐ time period k is given by the sampling period T s. The typical
ed least squares or the Kalman filter, whose performance is sampling frequency for PMUs ranges between 30 and 120
thoroughly analyzed in [28]. Depending on the variability of samples per second, yielding a sampling period T s of approx‐
power injections, it is also possible to partition the network imately 8-33 ms. The model in (1) is appropriate for the sys‐
into three areas, i.e., steady, quasi-steady, and fluctuant, and tems where the network dynamics are slow enough com‐
perform a multi-time scale SE [34]. pared to the duration of the sampling period [28].
This paper adopts the random walk model for the network PMUs are installed on the selected buses of the network,
voltage states [28]. The first contribution is deriving a state and a n is a binary indicator equal to 1 if a PMU is installed
and measurement model that explicitly models the GPS at bus n and 0 otherwise. Vector a collects a n for n =
spoofing attack angles. The attack may be time varying and 12N b. The set of buses where PMUs are installed is de‐
start at an unknown time, but these characteristics are consid‐ noted by NPMU = {n Î {12N b } | a n = 1} = {n 1 n 2 n P},
ered in the model. The multi-period SE is formulated as a bi- where P is the number of PMUs installed in the network.
RISBUD et al.: MULTI-PERIOD POWER SYSTEM STATE ESTIMATION WITH PMUS UNDER GPS SPOOFING ATTACKS 599
A PMU installed at bus n measures, for all time periods k, model that relates the attacked measurements with the net‐
the complex nodal voltage as well as the complex currents work state and the attack in period k. To this end, it is as‐
on all lines that bus n is connected to. This collection of sumed that δ n (t) T s. This assumption is valid as experimen‐
measured quantities (in rectangular coordinates) at bus n for tally demonstrated. Other realistic attacks reported in [10],
2(1+ L )
time k is concatenated in a vector z nk Î R . To make the
n
[12], [13] depict attack angles Dθ nk of 70°, 52° and 60°, re‐
notation more compact, define M n = 2(1+ L n ) as the number spectively. The corresponding delay of the attack is 3.2 ms,
of distinct real quantities measured by the PMU at bus n for 2.4 ms, and 2.8 ms, respectively, which is indeed smaller
time k. than T s. The following theorem characterizes the relationship
It is convenient for subsequent developments to consider between the measurement vector, the true state, and the at‐
M
the noiseless version of z nk, which is denoted by z nk true
ÎR : n
tack at time k.
é V nkr ù é |V nk| cos(θ nk ) ù Theorem 1 The TSA measurement equation at discrete
ê V ú ê |V | sin(θ ) ú period k is given as:
ê nki ú êê nk nk úú
true
z nk = ê{I npkr} p Î N ú = êê{|I | cos(θ )} úú (2) atk
z nk = Γ nk H n v k + ε nk (5)
ê n
ú êê npk I npk pÎN ú
ú n
Mn
ê{I } ú ê ú where z nk atk
Î R is the attacked measurement vector; and
ë npki p Î N û ë{|I npk| sin(θ I )} p Î N û
n npk n
Γ nk Î R
M ´M
n n
is a block diagonal matrix consisting of 1+ L n
where I npkr and I npki are the real and imaginary parts of the blocks where each block is a 2´ 2 ma‐
complex current flowing on line (np) for time k, respective‐ écos(Dθ nk ) -sin(Dθ nk )ù
trix ê ú.
ly; and |I npk| and θ I are the corresponding current magni‐
npk ë sin(Dθ nk ) cos(Dθ nk ) û
tude and phase, respectively. Proof The attacked instantaneous voltage at t = kT s is
To summarize, the noiseless quantities measured at bus v n (kT s + δ n (kT s )) = Re{ 2 V n (kT s + δ n (kT s ))e
j2πf (kT s + δ n (kT s ))
} (6)
n Î NPMU, for discrete time k = 12K, comprise of the real
and imaginary parts of the nodal voltage, appended by the Considering that δ n (t) T s and the network dynamics
real and imaginary parts of the complex currents injected to evolve slowly with respect to the sampling period T s, the
all lines connected to bus n for time k. Using the bus admit‐ voltage phasor at t + δ n (t) can be approximated as V n (t +
tance matrix of the network, z nk true
can be written as a linear δ n (t)) » V n (t) [21]. Invoking the latter into (6), it follows that
function of the system state v k as z nk true
= H n v k. The correspond‐ j2πf (kT s + δ nk )
v n (kT s + δ n (kT s )) » Re{ 2 V n (kT s )e }=
ing noisy measurement equation evolving over k discrete
j2πfδ nk j2πf (kT s )
time periods is given as: Re{ 2 V nk e e } (7)
z nk = H n v k + ε nk n Î NPMU k = 12K (3) Equation (7) reveals that the measured phasor is
where ε nk N(0Σ nk ), and Σ nk is a positive definite measure‐ V nk e
j2πfδ nk
= |V nk|e
jθ nk jDθ nk
e = |V nk|e
j(θ nk + Dθ nk )
(8)
ment noise covariance matrix at time k; and the construction
M ´ 2N Extracting the real and imaginary parts of the latter, and
of H n Î R n
is provided in [36], [37].
b
ê{|I | sin(θ + Dθ )} ú
ous time t. The phasor is time-dependent to allow for de‐ ë npk I nk pÎN
npkû n
where the norm notation ||x|| 2P = x T Px is used. The initial A. Minimization with Respect to State
2N
state vector v 0 Î R b is considered known, which is an as‐ In order to derive the update for v, the objectives J 1 and
sumption akin to typical multi-period estimation setups that J 2 are re-written as explicit functions of the vector v instead
rely on, for example, the Kalman filter. of v k. Specifically, J 1 is written as:
k=2
k ) (17)
2N b ´ 2N b K 2N b ´ 2N b K
form ê ú. The variables Γ nk and γ nk are thus used where E Î R and A k Î R (k = 23K) are ma‐
ëγ nk2 γ nk1 û trices such that v 1 = Ev and v k - v k - 1 = A k v. Specifically, ma‐
interchangeably. trix E includes the identity matrix in the top 2N b ´ 2N b diago‐
In order to uniquely map the vector γ nk back to an angle nal block and is zero otherwise. Matrix A k is constructed as
Dθ nk, it is necessary and sufficient to impose the constraint a fat matrix with negative identity matrix at the (k - 1) th
γ Tnk γ nk = 1. Define γ as the vector including γ nk for all block and identity matrix at the k th block.
n Î NPMU, k = 12K. Then, problem (10) becomes equiva‐ The minimization with respect to v is an unconstrained
lent to the following: minimization with a convex quadratic objective function.
(v̂ γ̂ ) = argmin (J 1 (vγ) + J 2 (v)) (14) The solution is obtained by solving the first-order optimality
vγ
condition Ñ v J(v) = 0 and is given as:
s.t.
é Nb K ù
γ Tnk γ nk = 1 n Î NPMU k = 12K
(15) v̂ AM = M -1 êê∑∑a n (Γ nk H n B k )T Σ nk
-1 atk
1 v0ú
z nk + E T Q -1 ú (18)
In order to facilitate the development of an algorithm for ën = 1 k = 1 û
1 E + ∑A k Q k A k +
the solution of (3), it is supposed that the following condi‐ K
k=2
Assumption 1 The matrix [H nT H nT H nT ]T is full col‐
∑∑a
1 2 P Nb K
-1
umn-rank. n (Γ nk H n B k )T Σ nk Γ nk H n B k (19)
This assumption pertains to the observation matrix corre‐ n= 1 k = 1
sponding to all PMU measurements. It ensures that under The following result asserts that matrix M is indeed invert‐
normal operation (i. e., no spoofing), the power network is ible.
observable and the SE problem has a unique solution [38]. Theorem 2 Given that Assumption 1 holds and the en‐
This condition is readily satisfied with proper placement of tries in γ satisfy (15), then matrix M is invertible.
PMUs, a topic that has been well researched in the literature. Proof It follows by the structure of M and the positive
The transformation of the original unconstrained nonlinear definiteness of Q k and Σ nk that M is positive semidefinite.
problem (10) into the nonconvex quadratically constrained We will show that the third term comprising M is full-rank,
RISBUD et al.: MULTI-PERIOD POWER SYSTEM STATE ESTIMATION WITH PMUS UNDER GPS SPOOFING ATTACKS 601
and therefore, M is invertible. The third term in M can be written as shown in (20).
T T
é H n1 ù éΓ n1 k 0 0 ù éΣ-1
n 1 k 0 0 ù éΓ n1 k 0 0 ù é H n1 ù
ê ú ê ú ê úê úê ú
êHn ú êê 0 0 úú ê 0 Σ n-12 k 0 ú êê 0 0 úú êê H n2 úú
∑
K Γ n2 k Γ n2 k
B Tk êêê 2 úúú êê úú ê
ê
úê
úê
úú êê úú B k (20)
êê úú êê úú ú êê úú êê úú
k=1
ê
êH ú ê 0 0 Γ nP k úû ê 0 0 Σ n-1P k úû êë 0 0 Γ nP k úû êëH nP úû
ë nP û ë ë
The central matrix in (20) is full-rank because the convari‐ equal variances for the real and imaginary parts correspond‐
ance matrices Σ nk are positive definite. The matrices Γ nk are ing to each measurement, that is, the diagonal entries of Σ nk
full-rank as long as the entries in γ satisfy (15). Finally, the satisfy the following for all n and k:
matrix consisting of the H n is full-rank due to Assumption
i ìσ nk1
2
= σ nk2
2
{
Algorithm 1: SE and attack reconstruction
min
γ
atk
[(z nk - Γ nk H n v k )T Σ nk
-1 atk
(z nk - Γ nk H n v k )] Result: state estimate v̂ AM and attack angle Dθ nk, n Î NPMU, k = 12K
(21)
nk
atk
Input: z nk
s.t. γ Tnk γ nk = 1
Initialization: solve (18) for v̂ AM by setting γ nk =[10]T
Considering that v k is not a variable in (21), the objective repeat
in (21) can be rearranged as follows:
{
for k = 12K do
min
γ
[(z nkatk
- A͂ nk γ nk )T Σ nk
-1 atk
(z nk - A͂ nk γ nk )] for n Î NPMU do
(22) Find the corresponding γ̂ nk via (25)
nk
rithm 1 can be applied to provide state estimates for {L - K + network are presented. The true and estimated voltage magni‐
1L - K + 2L}, where the value v L - K available from the tudes and phase angles at bus 2 of the IEEE 14- and 118-
previous window plays the role of the known v 0 for the cur‐ bus networks across the time horizon are given in Fig. 1 and
rent window. Thus, the windows may be overlapping, and Fig. 2, respectively (bus 2 is not attacked). It is observed
the process continues. that estimated values closely follow the corresponding true
values. Figures 3 and 4 depict the true and estimated attack
V. NUMERICAL TESTS angles at buses 14 and 7, respectively, for the Type I and II
attacks in the IEEE 14- and 118-bus networks. It is observed
This section presents the state and attack angle estimation
that the estimated attack angles closely follow their true val‐
tests using the AM algorithm. The numerical tests are per‐
ues.
formed on the standard IEEE 14- and 118-bus systems. All
network parameters are provided in case files case14.m and 1.07 -0.04
0.6 0.6
The PMU sampling rate is set to 30 samples per second.
The simulation considers a time horizon of 35 s. Two realis‐ 0.4 0.4
tic attacks, namely, Type I (step) and Type II (ramp) are per‐ 0.2 0.2
formed [35]. The AM algorithm is first tested with attacks 0 0
on the PMUs located at buses 14 and 7 of the IEEE 14- and
-0.2 -0.2
118-bus networks, respectively. 0 7 14 21 28 35 0 7 14 21 28 35
The Type I attack occurs suddenly at a particular time in‐ Time (s) Time (s)
(a) (b)
stant and remains constant thereafter. In this test, a Type I at‐
Fig. 3. True and estimated Type I and Type II attack angles at bus 14 in
tack of 0.5787° appears at 30 s [12]. It is customary in the
IEEE 14-bus network across time horizon. (a) Type I. (b) Type II.
GPS community to also express the attack in meters by mul‐
tiplying the time offset of the attack by the speed of light c = 0.8 True 0.8 True
3´ 108 m/s; the particular attack is thus 8000 m. The value Estimated Estimated
Attack angle (°)
0.6 0.6
of the attack is chosen so that the measurement exceeds the 0.4 0.4
total variation error of 1% specified by the IEEE C37.118
0.2 0.2
standard [42]. The Type II attack changes gradually through
time. For the attack to be successful, it cannot exceed the 0 0
distance-equivalent velocity of 400 m/s [10]. Adhering to -0.2 -0.2
0 7 14 21 28 35 0 7 14 21 28 35
this value, the attack in this test starts at 10 s from value 0 Time (s) Time (s)
m and gradually increases to 1000 m at 35 s. (a) (b)
To demonstrate the effectiveness of the algorithm, repre‐ Fig. 4. True and estimated Type I and Type II attack angles at bus 7 in
sentative results pertaining to individual buses and the entire IEEE 118-bus network across time horizon. (a) Type I. (b) Type II.
RISBUD et al.: MULTI-PERIOD POWER SYSTEM STATE ESTIMATION WITH PMUS UNDER GPS SPOOFING ATTACKS 603
The relative voltage error is defined as ||v̂ k - v k|| 2 ||v k|| 2, erage of the voltage phase angle of a bus across the time ho‐
where v̂ k and v k are the state vector estimated with Algo‐ rizon, computed from the random walk model of the voltage
rithm 1 and its true value at period k, respectively. The rela‐ state. Tables II and III list the mean voltage phase angle for
tive voltage error for the IEEE 14- and 118-bus networks the attacked bus and the resulting mean relative voltage er‐
across the time horizon is depicted in Fig. 5. The relative er‐ ror for the IEEE 14-bus network with Type I attacks of
ror is of the order of 10-3 and 10-4 for the IEEE 14- and 118- 0.5787° and 5° , respectively. The corresponding values for
bus networks, respectively. The error in attack angles is de‐ the IEEE 14-bus network with Type II attack are given in Ta‐
fined as ||Dθ̂ k - Dθ k|| 2 P, where Dθ̂ k and Dθ k are the attack ble IV. Tables V-VII list the mean voltage phase angle for
the attacked bus and the resulting mean relative voltage er‐
angle vector resulting from Algorithm 1 and its true value at
ror for the IEEE 118-bus network under Type I and Type II
period k, respectively. Figure 6 depicts the attack angle er‐
rors for Type I and Type II attacks in the IEEE 14-bus net‐ attacks. The values for the mean voltage phase angle and
work. Likewise, Fig. 7 shows the attack angle errors for mean relative voltage error in Tables II-VII are computed
both types of attacks in the IEEE 118-bus network. from single run of the algorithm. However, these values vary
only slightly across multiple runs of the algorithm. The re‐
Relative voltage error (10 )
1.2 3.0
1.0 rithm is not sensitive to the location of the attack, the volt‐
2.5
0.8 age phase angle of the attacked bus, or the attack size.
0.6 2.0 TABLE II
0.4 MEAN RELATIVE VOLTAGE ERROR AND MEAN VOLTAGE PHASE ANGLE FOR
1.5
0.2 IEEE 14-BUS NETWORK WITH TYPE I ATTACK OF 0.5787°
1.0
0 7 14 21 28 35 0 7 14 21 28 35 Mean voltage phase Mean relative voltage
Time (s) Time (s) Attacked bus number
angle (°) error
(a) (b)
2 -5.0255 0.00044492
Fig. 5. Relative voltage errors for IEEE 14- and 118-bus networks across
4 -10.1426 0.00044767
time horizon. (a) IEEE 14-bus network. (b) IEEE 118-bus network.
6 -14.0238 0.00045789
0.05 0.05 14 -15.8632 0.00042576
Relative attack
Relative attack
angle error (°)
0.04 0.04
TABLE III
0.03 0.03
MEAN RELATIVE VOLTAGE ERROR AND MEAN VOLTAGE PHASE ANGLE FOR
0.02 0.02 IEEE 14-BUS NETWORK WITH TYPE I ATTACK OF 5°
0.01 0.01
Mean voltage phase Mean relative voltage
Attacked bus number
0 7 14 21 28 35 0 7 14 21 28 35 angle (°) error
Time (s) Time (s) 2 -5.3773 0.00043858
(a) (b)
4 -10.1261 0.00044767
Fig. 6. Type I and Type II attack angle errors for IEEE 14-bus network 6 -14.7917 0.00044817
across time horizon. (a) Type I. (b) Type II.
14 -17.5053 0.00044040
Relative attack angle error (°)
K∑
1 K
||v̂ k - v k|| 2 ||v k|| 2. The mean voltage phase angle is the av‐ and attack on bus 14. The relative voltage error and attack
k=1 angle error have been previously defined, while the state er‐
604 JOURNAL OF MODERN POWER SYSTEMS AND CLEAN ENERGY, VOL. 8, NO. 4, July 2020
ror norm depicted in Fig. 9 is defined as ||v̂ k - v k|| 2. In the produce the sequence of state estimates v̂ k. Figure 11 depicts
Type I attack error plots, the error in single-period SE is the resulting state error norm for the Kalman filter and Algo‐
higher than that in multi-period SE before the attack occurs rithm 1. It is observed that at the onset of the attack and
(at 30 s). Due to the step attack, the error in multi-period SE thereafter, the Kalman filter yields larger state error norm
increases, but remains overall less than that in single-period than Algorithm 1 for both of the attack types. This is to be
SE. In Type II attack error plots, the error in single-period expected, as the Kalman filter is not designed to mitigate
SE is greater than that in multi-period SE. spoofing attacks.
TABLE V 0.012 Single-period SE 0.010 Single-period SE
80 27.3213 0.00017176 0 7 14 21 28 35 0 7 14 21 28 35
Time (s) Time (s)
(a) (b)
TABLE VII
MEAN RELATIVE VOLTAGE ERROR AND MEAN VOLTAGE PHASE ANGLE FOR Fig. 10. Relative voltage error and attack angle error for Type II attack in
IEEE 118-BUS NETWORK WITH TYPE II ATTACK IEEE 14-bus network across time horizon. (a) Relative voltage error. (b) At‐
tack angle error.
Algorithm 1 Algorithm 1
7 13.0204 0.00016892 0.08 0.08
50 20.8746 0.00017052 0.06 0.06
60 22.0586 0.00017233 0.04 0.04
80 27.8337 0.00017249
0.02 0.02
Relative attack angle error (°)
0 10 20 30 40 0 10 20 30 40
0.003 Single-period SE 0.06 Single-period SE Time (s) Time (s)
Relative voltage error
applicable to networks whose dynamics are slow enough IEEE PES General Meeting, Portland, USA, Aug. 2018, pp. 1-5.
[18] P. Risbud, N. Gatsis, and A. Taha, “Vulnerability analysis of smart
compared to the sampling period, while relying on the condi‐ grids to GPS spoofing,” IEEE Transactions on Smart Grid, vol. 10,
tion that the delay induced by spoofing attack is smaller no. 4, pp. 3535-3548, Jul. 2019.
than the sampling period. It is an interesting direction to de‐ [19] S. D. Silva, T. Hagan, J. Kim et al., “Sparse error correction for PMU
data under GPS spoofing attacks,” in Proceedings of IEEE Global
velop models for dynamic SE under spoofing attacks in Conference on Signal and Information Processing, Anaheim, USA,
more general setups. Furthermore, power networks may have Nov. 2018, pp. 902-906.
available readings from SCADA and PMU systems. Develop‐ [20] Y. Zhang, J. Wang, and J. Liu, “Attack identification and correction
for PMU GPS spoofing in unbalanced distribution systems,” IEEE
ing algorithms for mitigating spoofing attacks in networks Transactions on Smart Grid, vol. 11, no. 1, pp. 762-773, Jan. 2020.
where both types of measurements are combined is an addi‐ [21] P. Pradhan, K. Nagananda, P. Venkitasubramaniam et al., “GPS spoof‐
tional research direction. ing attack characterization and detection in smart grids,” in Proceed‐
ings of IEEE Conference on Communications and Network Security,
Philadelphia, USA, Oct. 2016, pp. 391-395.
REFERENCES [22] P. Castello, C. Muscas, P. Pegoraro et al., “Trustworthiness of PMU
data in the presence of synchronization issues,” in Proceedings of
[1] T. Popovic, C. Blask, M. Carpenter et al., “Electric sector failure sce‐
IEEE International Instrumentation and Measurement Technology Con‐
narios and impact analyses–version 3.0,” Electric Power Research In‐
ference, Houston, USA, May 2018, pp. 1-5.
stitute, Washington, Tech. Rep., Dec. 2015.
[23] P. Yang, Z. Tan, A. Wiesel et al., “Power system state estimation us‐
[2] A. Jafarnia-Jahromi, A. Broumandan, J. Nielsen et al., “GPS vulnera‐
ing PMUs with imperfect synchronization,” IEEE Transactions on
bility to spoofing threats and a review of anti spoofing techniques,” In‐
Power Systems, vol. 28, no. 4, pp. 4162-4172, Nov. 2013.
ternational Journal of Navigation and Observation, vol. 2012, pp. 1-
[24] J. Du, S. Ma, Y. Wu et al., “Distributed Bayesian hybrid power state
16, May 2012.
estimation with PMU synchronization errors,” in Proceedings of IEEE
[3] D. Schmidt, K. Radke, S. Camtepe et al., “A survey and analysis of Global Communications Conference, Austin, USA, Dec. 2014, pp.
the GNSS spoofing threat and countermeasures,” ACM Computing Sur‐ 3174-3179.
veys, vol. 48, no. 4, pp. 1-31, May 2016. [25] J. A. Bazerque, U. Ribeiro, and J. Costa, “Synchronization of phasor
[4] B. Moussa, M. Debbabi, and C. Assi, “Security assessment of time measurement units and its error propagation to state estimators,” in
synchronization mechanisms for the smart grid,” IEEE Communica‐ Proceedings of IEEE PES Innovative Smart Grid Technologies Latin
tions Surveys Tutorials, vol. 18, no. 3, pp. 1952-1973, Feb. 2016. America, Montevideo, Uruguay, Oct. 2015, pp. 508-513.
[5] L. Heng, J. J. Makela, A. D. Dominguez-Garcia et al., “Reliable GPS- [26] M. Todescato, R. Carli, L. Schenato et al., “PMUs clock desynchroni‐
based timing for power systems: a multi-layered multi-receiver archi‐ zation compensation for smart grid state estimation,” in Proceedings
tecture,” in Proceedings of Power and Energy Conference at Illinois, of IEEE Conference on Decision and Control, Melbourne, Australia,
Champaign, USA, Feb. 2014, pp. 1-7. Dec. 2017, pp. 793-798.
[6] D. Chou, L. Heng, and G. Gao, “Robust GPS-based timing for phasor [27] L. Hu, Z. Wang, I. Rahman et al., “A constrained optimization ap‐
measurement units: a position-information-aided approach,” in Pro‐ proach to dynamic state estimation for power systems including PMU
ceedings of 27th International Technical Meeting of the Satellite Divi‐ and missing measurements,” IEEE Transactions on Control Systems
sion of the Institute of Navigation, Tampa, USA, Sept. 2014, pp. 1261- Technology, vol. 24, no. 2, pp. 703-710, Mar. 2016.
1269. [28] S. Sarri, L. Zanni, M. Popovic et al., “Performance assessment of lin‐
[7] D.-Y. Yu, A. Ranganathan, T. Locher et al., “Short paper: detection of ear state estimators using synchrophasor measurements,” IEEE Trans‐
GPS spoofing attacks in power grids,” in Proceedings of ACM Confer‐ actions on Instrumentation and Measurement, vol. 65, no. 3, pp. 535-
ence on Security and Privacy in Wireless & Mobile Networks, Oxford, 548, Mar. 2016.
United Kingdom, Jul. 2014, pp. 99-104. [29] M. B. D. C. Filho and J. C. S. de Souza, “Forecasting-aided state esti‐
[8] F. Zhu, A. Youssef, and W. Hamouda, “Detection techniques for data mation – part I: panorama,” IEEE Transactions on Power Systems,
level spoofing in GPS-based phasor measurement units,” in Proceed‐ vol. 24, no. 4, pp. 1667-1677, Nov. 2009.
ings of International Conference on Selected Topics in Mobile Wireless [30] A. Monticelli, “Electric power system state estimation,” Proceedings
Networking, Cairo, Egypt, Apr. 2016, pp. 1-8. of IEEE, vol. 88, no. 2, pp. 262-282, Feb. 2000.
[9] Y. Fan, Z. Zhang, M. Trinkle et al., “A cross-layer defense mechanism [31] J. Zhang, G. Welch, G. Bishop et al., “A two-stage Kalman filter ap‐
against GPS spoofing attacks on PMUs in smart grids,” IEEE Transac‐ proach for robust and real-time power system state estimation,” IEEE
tions on Smart Grid, vol. 6, no. 6, pp. 2659-2668, Nov. 2015. Transactions on Sustainable Energy, vol. 5, no. 2, pp. 629-636, Apr.
[10] D. P. Shepard, T. E. Humphreys, and A. A. Fansler, “Evaluation of the 2014.
vulnerability of phasor measurement units to GPS spoofing attacks,” [32] N. Zhou, D. Meng, Z. Huang et al., “Dynamic state estimation of a
International Journal of Critical Infrastructure Protection, vol. 5, no. synchronous machine using PMU data: a comparative study,” IEEE
3, pp. 146-153, Dec. 2012. Transactions on Smart Grid, vol. 6, no. 1, pp. 450-460, Jan. 2015.
[11] I. Akkaya, E. A. Lee, and P. Derler, “Model-based evaluation of GPS [33] J. Zhao, M. Netto, and L. Mili, “A robust iterated extended Kalman
spoofing attacks on power grid sensors,” in Proceedings of Workshop filter for power system dynamic state estimation,” IEEE Transactions
Modeling and Simulation of Cyber-Physical Energy Systems, Berkeley, on Power Systems, vol. 32, no. 4, pp. 3205-3216, Jul. 2017.
USA, May 2013, pp. 1-6. [34] Y. Guo, B. Zhang, W. Wu et al., “Multi-time interval power system
[12] X. Jiang, J. Zhang, B. J. Harding et al., “Spoofing GPS receiver clock state estimation incorporating phasor measurements,” in Proceedings
offset of phasor measurement units,” IEEE Transactions on Power Sys‐ of IEEE PES General Meeting, Denver, USA, Jul. 2015, pp. 1-5.
tems, vol. 28, no. 3, pp. 3253-3262, Aug. 2013. [35] A. Khalajmehrabadi, N. Gatsis, D. Akopian et al., “Realtime rejection
[13] Z. Zhang, S. Gong, A. D. Dimitrovski et al., “Time synchronization at‐ and mitigation of time synchronization attacks on the global position‐
tack in smart grid: impact and analysis,” IEEE Transactions on Smart ing system,” IEEE Transactions on Industrial Electronics, vol. 65, no.
Grid, vol. 4, no. 1, pp. 87-98, Mar. 2013. 8, pp. 6425-6435, Aug. 2018.
[14] J. G. Sreenath, S. Mangalwedekar, A. Meghwani et al., “Impact of [36] V. Kekatos, G. Giannakis, and B. Wollenberg, “Optimal placement of
GPS spoofing on synchrophasor assisted load shedding,” in Proceed‐ phasor measurement units via convex relaxation,” IEEE Transactions
ings of IEEE PES General Meeting, Portland, USA, Aug. 2018, pp. on Power Systems, vol. 27, no. 3, pp. 1521-1530, Aug. 2012.
1-5. [37] P. Risbud, N. Gatsis, and A. Taha, “Assessing power system state esti‐
[15] Y. Wang and J. P. Hespanha, “Distributed estimation of power system mation accuracy with GPS-spoofed PMU measurements,” in Proceed‐
oscillation modes under attacks on GPS clocks,” IEEE Transactions ings of 7th IEEE Conference on Innovative Smart Grid Technologies,
on Instrumentation and Measurement, vol. 67, no. 7, pp. 1626-1637, Minneapoils, USA, Sept. 2016, pp. 1-5.
Jul. 2018. [38] A. Gomez-Exposito, A. J. Conejo, and C. Canizares, Electric Energy
[16] X. Fan, L. Du, and D. Duan, “Synchrophasor data correction under Systems: Analysis and Operation. Boca Raton: CRC Press, 2018.
GPS spoofing attack: a state estimation based approach,” IEEE Trans‐ [39] R. Horn and C. R. Johnson, Matrix Analysis, 2nd ed. Cambridge: Cam‐
actions on Smart Grid, vol. 9, no. 5, pp. 4538-4546, Sept. 2018. bridge University Press, 2013.
[17] X. Fan, S. Pal, D. Duan et al., “Closed-form solution for synchropha‐ [40] A. Gomez-Exposito, P. Rousseaux, C. Gomez-Quiles et al., “On the
sor data correction under GPS spoofing attack,” in Proceedings of use of PMUs in power system state estimation,” in Proceedings of
606 JOURNAL OF MODERN POWER SYSTEMS AND CLEAN ENERGY, VOL. 8, NO. 4, July 2020
17th Power System Computation Conference, Stockholm, Sweden, in 2010, and the Ph.D. degree in electrical engineering with minor in mathe‐
Aug. 2011. matics in 2012. He is currently an associate professor with the Department
[41] R. Zimmerman, C. Murillo-Saanchez, and R. Thomas, “MATPOWER: of Electrical and Computer Engineering at the University of Texas at San
steady-state operations, planning, and analysis tools for power systems Antonio, San Antonio, USA. He is a recipient of the NSF CAREER Award.
research and education,” IEEE Transactions on Power Systems, vol. He has co-organized symposia in the area of smart grids in IEEE Global
26, no. 1, pp. 12-19, Feb. 2011. SIP 2015 and 2016. He has also served as a co-guest editor for a special is‐
[42] IEEE Standard for Synchrophasor Measurements for Power Systems, sue of the IEEE Journal on Selected Topics in Signal Processing on Critical
IEEE Std C37.118.1-2011 (Revision of IEEE Std C37.118-2005), 2011. Infrastructures. His research interests include optimal and secure operation
of smart power grids and other critical infrastructures, including water distri‐
bution networks and the global positioning system.
Paresh Risbud received the B.E degree in electronics engineering from the
University of Mumbai, Mumbai, India, in 2011. He completed the M.S. de‐ Ahmad Taha received the B.E. and Ph.D. degrees in electrical and comput‐
gree in electrical and computer engineering from the University of Texas at er engineering from the American University of Beirut, Beirut, Lebanon, in
San Antonio, San Antonio, USA, in 2014. Currently, he is working towards 2011 and Purdue University, West Lafayette, USA, in 2015. In Summer
the Ph.D. degree in the Department of Electrical and Computer Engineering 2010, Summer 2014, and Spring 2015, he was a visiting scholar at Massa‐
at the University of Texas at San Antonio, San Antonio, USA, where he is a chusetts Institute of Technology (MIT), Cambridge, USA, University of To‐
graduate research assistant. His research interests include statistical signal ronto, Toronto, Canada, and Argonne National Laboratory, USA. Currently,
processing, power system state estimation, and optimization and control of he is an assistant professor with the Department of Electrical and Computer
cyber-physical systems. Engineering at The University of Texas, San Antonio, USA. He is an editor
of the IEEE Control Systems Society Electronic Letter (E-Letter). He is in‐
Nikolaos Gatsis received the Diploma degree in electrical and computer en‐ terested in understanding how complex cyber-physical systems operate, be‐
gineering from the University of Patras, Patras, Greece, in 2005 with hon‐ have, and misbehave. His research interests include optimization, control,
ors. He completed his graduate studies at the University of Minnesota, Min‐ and security of cyber-physical systems with applications to power, water,
nesota, USA, where he received the M. Sc. degree in electrical engineering and transportation networks.