University students “spoof” to increase security of power grid, other applications

Thomas Gehrels and Xichen Jiang, both graduate students, are studying how to improve the security of the power grid by mitigating vulnerabilities in GPS receivers. Their adviser, Jonathan Makela, professor of electrical and computer engineering, said they started the project at the end of last semester.

GPS receivers are used by various technologies to provide accurate position and timing information. Applications that make use of GPS include the power grid and stock markets. If the receiver can be made to report incorrect information, it can lead to errors within these systems.

One example of GPS vulnerabilities leading to errors is when the GPS signal that controlled the London Stock Exchange was blocked by a jamming device. Recently, they had an issue in which every day for 10 minutes, the exchange would lose its GPS signal, “and so they would lose their ability to use the accurate timing based on GPS,” Gehrels said.

“This was not due to an intentional attack on the stock exchange, however, but rather a passing truck driver using a jamming device to keep his boss from tracking where he drove,” he added.

Stock markets handle thousands of transactions per second, and the value of what’s being traded is constantly changing. But the jamming device blocked some of these transactions, causing errors to occur.

However, the students’ research is a bit different from the spoofing attacks that occurred in London. Instead of simply blocking the signal, which is what the attacker in London did, Gehrels and Jiang are using their research to prove that the time can actually be changed altogether. This practice is known as “spoofing.”

The GPS signal most receivers use is an unencrypted signal making it susceptible to spoofing. Gehrels defined this type of GPS spoofing as “generating a counterfeit GPS signal in order to cause a receiver to report false timing or position data.”

GPS receivers are also used as a component of phasor measurement units, which allow “power system engineers to observe the power grid in order to make sure it’s functioning properly,” Jiang said. The GPS receiver is what puts an accurate time stamp on all the PMU data.

PMUs provide a voltage and current measurement at “different points in the network and send these measurements into a utility command center,” Jiang said.

“Right now, how they currently have it in the system, is that one measurement occurs every five seconds — that’s very slow — but PMUs can sample at 60 samples per second, which is obviously a lot faster,” Jiang said. “Things occur in the power system pretty fast. If a blackout is happening, it’s going to happen very fast, so you need the measurement to come in at a faster rate than the dynamic changes in the power system are occurring, and PMUs allow you to do that.”

In other words, during the sequence of events that leads to a blackout, the system is going to change fast because of the action of protection relays tripping lines and generators; measurements provided by PMUs have the potential to capture these events.

However, “a spoofing attack could cause the PMUs to use incorrect timing data, which will lead to errors in the measurements they provide. This could make the information unhelpful … in preventing a blackout” Gehrels said.

Makela said his students’ research will allow them to experiment with different receiver designs in the future.

“(They will) study how they respond to jamming and spoofing. This environment will allow them to test out new designs and approaches to make GPS receivers more secure and reliable, thus improving the trustworthiness of the grid itself,” he said.

Their research is sponsored by Trustworthy Cyber Infrastructure for the Power Grid (TCIPG), which is funded by several industry sponsors and governmental departments such as the Department of Energy and Homeland Security.

“One of the goals of TCIPG is to make the power system more secure from cyber attacks,” Jiang said.

Their research has the potential to ensure that GPS receivers used in the power grid deliver correct results, even under malicious attacks.

“Working on this project is interesting because it is an important real-world problem and one that can have a very positive impact on the reliability of the future power grid,” Makela said.

Sophia can be reached at [email protected]