Understanding and Mitigating the Impacts of GPS/GNSS Vulnerabilities

Research Summary: 

The Global Positioning System (GPS) is the mostly widely used example of what are more broadly known as Global Navigation Satellite Systems (GNSS). GPS provides precise location and time information to any receiver capable of receiving and decoding the timing signals from at least 4 satellites in the GPS constellation. The civilian GPS signal does not come with any authenticators and, given the relatively low signal strength, is vulnerable to intentional or malicious jamming from land-based transmitters. The application of GPS devices in the power sector can potentially have significant impact on the bulk electric system through their integration into synchronization devices such as Phasor Measurement Units (PMUs). Given that PMU technology is expected to transition to control applications in the future and that the primary time synchronization mechanism used by PMUs today is GPS, there is growing concern that a dependency on GPS will introduce a built-in vulnerability into the infrastructure. The goals of this activity were to develop a hardware-based testbed capable of investigating the resiliency of various PMUs to known GPS spoofing attacks, use that hardware setup to demonstrate the feasibility of an attack, investigate possible detection and mitigation schemes to harden PMUs to GPS spoofing attacks, understand the timing and synchronization needs in power system applications, and develop a trustworthy GNSS-based timing source that is more spoofing-resilient than current GPS-based clocks. In the course of the work, we created a hardware-based testbed to investigate the effects of spoofing on PMUs. We investigated and implemented the Position-Information-Aided Vector Tracking Loop, and demonstrated 1) robustness against jamming with 5dB more noise tolerance compared with scalar tracking; 2) the ability to detect meaconing attacks; and 3) improvement of the accuracy of the timing solutions when compared with traditional scalar tracking (15 ns vs. 50 ns). We also explored cross-checking GPS military P(Y) codes among multiple GPS receivers at different locations, and showed that anti-spoofing robustness grows exponentially with the number of cross-check receivers, and that a modest number of low-cost unreliable receivers can outperform a high-end secure cross-check receiver.

Presentation from 2014 Industry Workshop:

Robust GPS-Based Timing for Phasor Measurement Units: A Position-Information-Aided Vector Tracking Approach. Presented by Daniel Chou, University of Illinois, at the 2014 TCIPG Industry Workshop held November 12-13, 2014 at the iHotel and Conference Center in Illinois. Slides for this presentation may be downloaded from the workshop archives.

TCIPG Seminar Series - October 3, 2014
Invited Presentation by Alejandro D. Dominguez-Garcia and Grace Xingxin Gao

GPS-Based Timing for Power System Applications: Vulnerabilities and Mitigation Strategies

Research Demo:

Understanding and Mitigating the Impacts of GPS/GNSS Vulnerabilities: A joint presentation from T. Gehrels and X. Jiang, University of Illinois, demonstrating an advanced goal-based attack on GPS signaling and discussing proposed mitigations to be able to detect and potentially prevent the impact of this class of attacks. Presented at the TCIPG Industry Workshop in November 2013.

More Information: