Experimental Evaluation of the Detection and Mitigation of Time Synchronization Attacks on the Global Positioning System
Ali Khalajmehrabadi, Nikolaos Gatsis, David Akopian, University of Texas at San Antonio
Location: Big Sur
This material is based upon work supported by the National Science Foundation under Grant No. ECCS-1719043.
Motivation and Context:
The Global Positioning System (GPS)-based time-synchronization systems use the civilian GPS channels, which are open to the public. The unencrypted nature of these signals makes them vulnerable to unintentional interference and intentional attacks. Thus, unauthorized manipulation of GPS signals leads to disruption of correct readings of GPS-based time references, and thus, is called Time Synchronization Attack (TSA). To address the impact of malicious attacks, for instance on (Phase Measurement Unit) PMU data, the Electric Power Research Institute published a technical report that recognizes the vulnerability of PMUs to GPS spoofing under its scenario WAMPAC.12: GPS Time Signal Compromise. These attacks introduce erroneous time stamps which are eventually equivalent to inducing wrong phase angle in the PMU measurements. The impact of TSAs on generator trip control, transmission line fault detection, voltage stability monitoring, disturbing event locationing, and power system state estimation has been studied and evaluated both experimentally and through simulations. For instance in PMU applications, the attack should exceed the maximum allowable error tolerance specified by the IEEE C37.118 Standard, which is 1 % Total Variation Error (TVE), equivalently expressed as 0.573 phase angle error, 26.65 microseconds of clock bias error, or 7989 of distance-equivalent bias error. On the other hand, CDMA cellular networks require timing accuracy of 10 microseconds.
An attack is meaningful if it infringes the maximum allowed error defined in the system specification. Due to the peculiarities of the GPS receivers, the internal feedback loops may loose lock on the spoofed signal if the spoofer’s signal properties change rapidly. The designed spoofers have the ability to manipulate the clock drift (by manipulating the Doppler frequency) and clock bias (by manipulating the code delay). To maintain the victim receiver lock on the spoofer’s signals, the attack should not exceed a certain distance equivalent velocity. Two such limiting numbers are reported
in the literature, namely 400 m/s and 1000 m/s for two different receivers.
\par This work proposes a novel spoofing detection and mitigation for stationary infrastructures which rely on GPS for time synchronization. The basis of this work is based on our prior work in which the detection procedure is performed in navigation domain of the GPS receiver and hence, manipulation with base-band signal processing domain is not needed. Hence, this technique is easily integrable with the current GPS devices. Using the generated pseudorange and pseudorange rates in the victim receiver and considering the practical constraints of a real spoofer, our technique estimates the spoofer anomaly behavior and corrects the measurements of the victim receiver. In what follows, we first discuss the experimental evaluation platform and then discuss the spoofing detection and mitigation approach.
Proposed Experimental Evaluation Platform:
The proposed experimental platform to evaluate our spoofing detection and mitigation technique includes a spoofer and a victim receiver. The spoofer is a National Instrument (NI) simulator which generates the simulated signal at specific time and location. The victim GPS receiver is a Google Nexus 9 tablet which has been recently equipped with the new GPS chipset that provides the raw GNSS measurements. An Android application processes these measurements and generates navigation measurements. Our technique receives this navigation measurements in C++ Java Native Interface (JNI) and performs the spoofing detection and corrects the psedorange and pseudorange rates. The corrected clock bias and clock drift is the output of the spoofing detection and correction block.
Spoofing Detection and Mitigation Approach:
In this work, we specifically model the spoofing attacks. This model is quite general and encompasses the effect of various spoofing attacks on pseudorange and pseudorange rates on the victim receiver’s measurements considering the spoofer’s constraints. Considering that the attacks do not alter the position or velocity, but only the clock bias and clock drift, we introduce the state vector containing the clock bias and clock drift.
For an observation time window of length L and the running time index, k, the attack and the states are estimated through a multi component optimization problem.
The first term is the weighted residuals in the measurement equation, and the second term is the weighted residuals of the state equation. The last regularization term promotes sparsity over the total variation of the estimated attack.
The correction method takes into account the previously mentioned effect and modifies the bias and drift by subtracting the cumulative outcome of the clock bias and drift attacks.
This work has been implemented initially with a set of real GPS signals and simulated spoofing attacks. The results has shown that the clock bias of the victim receiver can be corrected up to 0.8 microsecond with respect to its normal operation. This is far below the application requirement of 26 microsecond for PMU applications.