GPS Time Authentication against Spoofing for Power Systems via a Network of Receivers Paper
Tara Yasmin Mina, Sriramya Bhamdipati, and Grace Xingxin Gao, University of Illinois at Urbana-Champaign
The push to modernize the U.S. power grid by recent legislation has led to an increased investment in the installation of phasor measurement units (PMUs). In particular, the American Recovery and Reinvestment Act of 2009 (ARRA), which provided $4.5 billion of funding to the Office of Electricity Delivery and Energy Reliability under the Department of Energy, prompted the installation of over one thousand additional PMUs from a mere 166 before the legislation was passed . To monitor the health of the power grid, as well as to detect and mitigate disturbances, PMUs measure the voltage and current phasors at critical substations. Because this data is obtained from different PMUs across the network, each measurement must have a precise time-stamp in order to align the data and accurately estimate the state of the power grid. PMUs use Global Positioning System (GPS) time for this purpose, since it provides a precise and common time reference. However, because civilian GPS signals are weak and the C/A codes are publicly available, receivers of these signals can be easily spoofed by malicious attackers.
This paper introduces a reliable, centralized spoofing detection architecture for phasor measurement units (PMUs) using a three-layered approach. Our method has the following key characteristics:
1. Utilization of the military P(Y) codes without knowledge of the precise code sequences.
The presence of the P(Y) codes in the background of all GPS signals in the L1 frequency band creates a signature that cannot be forged by a spoofer because of its encrypted nature. Without knowing the exact sequence of the P(Y) codes, we utilize this background signature to authenticate a received signal via pairwise cross-correlations performed among a network of receivers  - . Although we collect GPS data at a sampling rate of 2.5 MHz, a significantly lower rate than the bandwidth of the P(Y) codes at 20.46 MHz, we can still reliably authenticate our received signal.
2. Verification against a widely-dispersed network.
The North American power grid system covers a wide geographical area. By adding receivers at widely-dispersed locations, we can enhance the robustness of our spoofing detection system, since the likelihood of multiple receivers being spoofed by the same attacker is minimal.
3. Position-information aiding of the PMUs.
Additionally, because the PMUs are stationary with well-known positions, this added information allows us to determine the expected time delay between any two given reference stations to predict the delay of the cross-correlation peak when both signals are authentic.
In our high-level architecture, the receivers in the network of PMUs send a 20-millisecond snippet of raw GPS data to a central decision-making unit (CDMU). The CDMU correspondingly returns a boolean decision to each receiver, indicating whether the particular receiver is being spoofed.
To determine the authenticity of the raw signals from each receiver, the CDMU will first parse the raw snippet to determine which PRNs are present as well as the corresponding code lag and Doppler frequency shift for the quadrature-phase L1 C/A code. We use this estimate of the Doppler shift to demodulate the in-phase L1 P(Y) code, then this processed code fragment is pairwise cross-correlated with code fragments from other receivers in view of the same satellite, or cross-check receivers. If the correlation between the two signals is strong, unless both receivers were spoofed by the same attacker, this indicates that the signals are indeed signals received by the GPS satellite constellation. Furthermore, if the delay in the correlation peak matches our estimated delay, determined from the known positions of the two receivers, this affirms that the two signals are authentic. Otherwise, if the correlation peak occurs at a significantly larger delay, one of the receivers is likely experiencing a record-and-replay spoofing attack, also known as meaconing. Aggregating the cross-correlation results of the receiver, including the set of cross-checks performed for each received PRN, a high net correlation power with relative delays remaining within a tolerance of our predicted delays indicates that the receiver is free from spoofing attacks.
To validate our spoofing detection algorithm, we recorded GPS data during an active, open-sky spoofing event and used a collection of cross-check receivers in Colorado, Illinois, Ohio, Alaska, Peru, and Chile. We have demonstrated that our networked approach is able to successfully detect GPS spoofing events for PMUs.
 United States, Department of Energy, Office of Electricity Delivery and Energy Reliability.
“Advancement of Synchrophasor Technology in Projects Funded by the American Recovery and Reinvestment Act of 2009.” Smart Grid Resource Center, Mar. 2016 https://www.smartgrid.gov/document/Synchrophasor_Report_201603.html
 Heng, Liang, Daniel B. Work, and Grace Xingxin Gao. “GPS signal authentication from cooperative peers.” IEEE Transactions on Intelligent Transportation Systems 16.4 (2015): 1794-1805.
 Lo, Sherman, et al. “Signal authentication: A secure civil GNSS for today.” inside GNSS 4.5 (2009): 30-39.
 O’Hanlon, Brady W., et al. “Real-Time GPS Spoofing Detection via Correlation of Encrypted Signals.” Navigation 60.4 (2013): 267-278.