understanding and mitigating the
play

UNDERSTANDING AND MITIGATING THE IMPACTS OF GPS/GNSS VULNERABILITIES - PowerPoint PPT Presentation

Nov 13, 2022 •222 likes •398 views

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 UNDERSTANDING AND MITIGATING THE IMPACTS OF GPS/GNSS VULNERABILITIES NOVEMBER 2013 T.W. GEHRELS J.J. MAKELA, X. JIANG, A. DOMINGUEZ-GARCIA,G. GAO, R. BOBBA UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN

  1. ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 UNDERSTANDING AND MITIGATING THE IMPACTS OF GPS/GNSS VULNERABILITIES NOVEMBER 2013 T.W. GEHRELS J.J. MAKELA, X. JIANG, A. DOMINGUEZ-GARCIA,G. GAO, R. BOBBA UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY OF ILLINOIS | DARTMOUTH COLLEGE | UC DAVIS | WASHINGTON STATE UNIVERSITY FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T

  2. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G MOTIVATION • PMUs are increasingly prevalent in power systems – New opportunities in protection and control • GPS receivers used as a timing source for synchronization – GPS timing signals are nanosecond accurate – GPS signal freely available • GPS receiver clock offset will cause error in the PMU’s phase angle measurements • Error will be passed through PMU dependent algorithms – Voltage stability algorithm – Fault impedance computation – Fault location algorithm 2

  3. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G GPS VULNERABILITY • The civilian GPS signal is unencrypted and highly predictable • Simulated GPS signal can be generated that has the same signal structure as the authentic signals • Development of attacks allows for better understanding of vulnerabilities – Design effective detection and mitigation techniques 3

  4. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TYPES OF GPS RECEIVER ATTACKS • Signal level attack / replay attack – Change timing of signal, causing error in range measurements – Receiver position & clock offset not easily specified • Data level attack to cause crash – Induce divide by zero, increment week number irreversibly – Non-stealth attack • Subtle data level attack – Cause error in timing while still appearing to function normally – All encoded data remain realistic values – Receiver position change bounded to value of normal variation – Motivates the development of a more comprehensive, multi-layer detection scheme 4

  5. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OVERVIEW OF VULNERABILITY EXPLOITATION 1. Calculate the changes to the data contained in the GPS signals that will: • Induce the maximum possible receiver clock offset • Not cause a significant change to the calculated receiver location 2. Take over tracking loops of the GPS unit using spoofed signals • PMUs are at known locations, making the attack easier than for a dynamic target • Demonstrated by Humphreys et al. 3. Inject rogue data into the GPS unit and have it accepted as legitimate data • Introduce the calculated clock offset 5

  6. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OVERVIEW OF VULNERABILITY EXPLOITATION 1. Calculate the changes to the data contained in the GPS signals that will: • Induce the maximum possible receiver clock offset • Not cause a significant change to the calculated receiver location 2. Take over tracking loops of the GPS unit using spoofed signals • PMUs are at known locations, making the attack easier than for a dynamic target • Demonstrated by Humphreys et al. 3. Inject rogue data into the GPS unit and have it accepted as legitimate data • Introduce the calculated clock offset 6

  7. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G MAXIMIZING RECEIVER CLOCK OFFSET • A nonlinear optimization problem that maximizes the receiver clock offset (phase measurement error) through perturbation of the satellite ephemerides • Decision variables – satellites’ ephemeris • Objective function – receiver clock offset • Constraints – bounds on the satellites ’ ephemerides – bounds on change to the computed receiver position 7

  8. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G GPS CLOCK BIAS SIMULATION Clock offset Time of attack (objective function) Phase angle (impact) Perceived position (constraint) 8

  9. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G MAXIMIZING RECEIVER CLOCK OFFSET • A nonlinear optimization problem that maximizes the receiver clock offset (phase measurement error) through perturbation of the satellite ephemerides • Decision variables – satellites’ ephemeris • Objective function – receiver clock offset • Constraints – bounds on the satellites ’ ephemerides – bounds on change to the computed receiver position 9

  10. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G MAXIMIZING RECEIVER CLOCK OFFSET • A nonlinear optimization problem that maximizes the receiver clock offset (phase measurement error) through perturbation of the satellite ephemerides • Decision variables – satellites’ ephemeris User defined! • Objective function – receiver clock offset • Constraints – bounds on the satellites’ ephemerides – bounds on change to the computed receiver position 10

  11. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OVERVIEW OF VULNERABILITY EXPLOITATION 1. Calculate the changes to the data contained in the GPS signals that will: • Induce the maximum possible receiver clock offset • Not cause a significant change to the calculated receiver location 2. Take over tracking loops of the GPS unit using spoofed signals • PMUs are at known locations, making the attack easier than for a dynamic target • Demonstrated by Humphreys et al. 3. Inject rogue data into the GPS unit and have it accepted as legitimate data • Introduce the calculated clock offset 11

  12. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G IMPLEMENTATION TESTBED NI Signal Generator GPS simulator Spoofed signal Signal control Oscilloscope GPS receiver Receiver data Position data Desktop CPU 1 PPS 1k PPS Timing Timing (Spoofed) (True) 12

  13. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G RESULTS – PASSING FALSE EPHEMERIS • True ephemeris received at t = -120 s • Modified ephemeris values at t = 0 s • Modified ephemeris accepted by receiver • New values result in change in perceived receiver position 13

  14. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G RESULTS – INDUCING CLOCK OFFSET 8 Time of attack x position (m) • 3 No jump in position • Meets bounding constraints from derivation -2 -7 0 -100 Clock offset (µs) • Clock offset: 500 µs -200 • Phase offset: 10.8 o -300 -400 14 -500

  15. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EFFECT OF SPOOFING • Applications dependent on PMUs are vulnerable to spoofing – Fault identification algorithms – Equivalent network calculations – Stability monitoring algorithms • Theoretical demonstration of voltage stability monitoring algorithm 𝑢 2 − 𝑊 𝑢 1 𝑎 𝑢ℎ = 𝑊 True 𝐽 𝑢 1 − 𝐽 𝑢 2 𝑢 2 𝑓 𝑘ε 𝜄 − 𝑊 𝑢 1 𝑎 𝑢ℎ = 𝑊 𝐽 𝑢 1 − 𝐽 𝑢 2 𝑓 𝑘ε 𝜄 Spoofed 15

  16. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G MITIGATION • Software – Check position against known PMU location – Monitor signal power, quality – Intelligent filtering of the PMU data – Check time against reference clock • Network Complexity – Check ephemerides against external archives (e.g., IGS) – Cross-correlation of military P(Y) code amongst GPS receiver. • Hardware – Narrow-band tracking loop, since PMUs are static – Multi-receiver vector tracking loops – Reverse-calculate satellite positions by trilateration from multiple receivers, compare to received ephemerides 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane Foams Clare Perry Environmental Investigation Agency (EIA) International Symposium On The Unexpected Increase in Emissions of Ozone-Depleting

348 views • 18 slides
Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan*

Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan*

Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan* Sang Michael Xie* Fanny Yang John C. Duchi Percy Liang Stanford University Adversarial examples Standard training leads to models that are not

619 views • 50 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

836 views • 45 slides
Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai , Luyi Xing) (co-first authors), Nan Zhang , XiaoFeng Wang , Xiaojing Liao , Tongxin Li , Shi-Min Hu TNList, Tsinghua University,

1.23k views • 70 slides
Understanding and Mitigating Regulatory Risk in Consumer Financial Transactions: Effective

Understanding and Mitigating Regulatory Risk in Consumer Financial Transactions: Effective

Understanding and Mitigating Regulatory Risk in Consumer Financial Transactions: Effective Diligence Strategies Jeffrey P. Taft Steven M. Kaplan Partner Partner +1 202 263 3293 +1 202 263 3005 jtaft@mayerbrown.com skaplan@mayerbrown.com

545 views • 27 slides
Shallow-Deep Networks: Understanding and Mitigating Network Overthinking Yiitcan Kaya , Sanghyun

Shallow-Deep Networks: Understanding and Mitigating Network Overthinking Yiitcan Kaya , Sanghyun

Shallow-Deep Networks: Understanding and Mitigating Network Overthinking Yiitcan Kaya , Sanghyun Hong, Tudor Dumitra University of Maryland, College Park ICML 2019 - Long Beach, CA What is overthinking? We, especially grad students , often

408 views • 24 slides
TCPA COMPLIANCE IN THE HEALTHCARE INDUSTRY: UNDERSTANDING AND MITIGATING RISKS DEREK KEARL,

TCPA COMPLIANCE IN THE HEALTHCARE INDUSTRY: UNDERSTANDING AND MITIGATING RISKS DEREK KEARL,

TCPA COMPLIANCE IN THE HEALTHCARE INDUSTRY: UNDERSTANDING AND MITIGATING RISKS DEREK KEARL, PARTNER INTRODUCTION DEREK KEARL jdkearl@hollandhart.com www.linkedin.com/in/derekkearl 801.799.5857 www.hhhealthlawblog.com AGENDA 1. Overview of

637 views • 35 slides
Understanding and mitigating gradient flow pathologies in physics-informed neural networks Paris

Understanding and mitigating gradient flow pathologies in physics-informed neural networks Paris

Understanding and mitigating gradient flow pathologies in physics-informed neural networks Paris Perdikaris Sifan Wang Department of Mechanical Engineering Applied Mathematics & Computational Science University of Pennsylvania University

444 views • 27 slides
Understanding and Mitigating Internet Routing Threats John Kristoff jtk@cymru.com

Understanding and Mitigating Internet Routing Threats John Kristoff jtk@cymru.com

Understanding and Mitigating Internet Routing Threats John Kristoff jtk@cymru.com Danny McPherson dmcpherson@verisign.com FIRST 2011 John Kristoff & Danny McPherson 1 One of two critical systems Routing (BGP) and naming

495 views • 28 slides
Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl Nets Clement & Associates Ltd FISHERIES ADVISORS & ANALYSTS Objectives Objectives Characterise the nature and extent of

730 views • 35 slides
FCPA Compliance is No Longer Enough Understanding Key Provisions, Ensuring Compliance and

FCPA Compliance is No Longer Enough Understanding Key Provisions, Ensuring Compliance and

Presenting a live 90-minute webinar with interactive Q&A Anti-Corruption Reform in Mexico: FCPA Compliance is No Longer Enough Understanding Key Provisions, Ensuring Compliance and Mitigating Legal Risks WEDNESDAY, DECEMBER 9, 2015 1pm

420 views • 27 slides
Entities and Individuals in the Crosshairs Understanding Key Provisions, Ensuring Compliance and

Entities and Individuals in the Crosshairs Understanding Key Provisions, Ensuring Compliance and

Presenting a live 90-minute webinar with interactive Q&A Mexico's New Anti-Corruption Laws and Implementing Regulations: Private Entities and Individuals in the Crosshairs Understanding Key Provisions, Ensuring Compliance and Mitigating

867 views • 43 slides
Mitigating Vulnerabilities Lucas von Stockhausen, Senior Product Manager & Application

Mitigating Vulnerabilities Lucas von Stockhausen, Senior Product Manager & Application

Prioritizing Risk Relative to Mitigating Vulnerabilities Lucas von Stockhausen, Senior Product Manager & Application Security Strategist Jimmy Rabon, Senior Product Manager #MicroFocusCyberSummit Understanding Risk Relative to Remediation

281 views • 25 slides
Corporate Misconduct: Implications for Companies Understanding Key Provisions of the Yates Memo,

Corporate Misconduct: Implications for Companies Understanding Key Provisions of the Yates Memo,

Presenting a live 90-minute webinar with interactive Q&A DOJ Guidance on Individual Accountability for Corporate Misconduct: Implications for Companies Understanding Key Provisions of the Yates Memo, Ensuring Compliance and Mitigating Legal

502 views • 35 slides
Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J. Mullenix , AIA Megha Parekh Sinha , AICP, LEED AP BD+C Partner, NBBJ Principal, NBBJ Mitigating Stress Dr. John Medina Professor of Bioengineering,

1.01k views • 33 slides
Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June 3, 2020 TRANSFORMING WASTEWATER TO RESOURCES Background Mitigating COVID-19 Impacts Ensuring the health and safety of District employees is

397 views • 10 slides
Meet the Development Team Aditya Wadaskar Kyle Douglas Richard Boone Sang Min Oh Sayali Kakade

Meet the Development Team Aditya Wadaskar Kyle Douglas Richard Boone Sang Min Oh Sayali Kakade

E TERNAL F LIGHT Delivering Power In Flight Delivering Power In Flight Meet the Development Team Aditya Wadaskar Kyle Douglas Richard Boone Sang Min Oh Sayali Kakade Battery Switching Controls & Controls & System Embedded &

1.31k views • 42 slides
Stochastic (Partial) Differential Equations and Gaussian Processes Simo Srkk Aalto

Stochastic (Partial) Differential Equations and Gaussian Processes Simo Srkk Aalto

Stochastic (Partial) Differential Equations and Gaussian Processes Simo Srkk Aalto University, Finland Why use S(P)DE solvers for GPs? The O ( n 3 ) computational complexity is always a challenge. Latent force models combine PDE/ODEs with

482 views • 12 slides
Privacy General Privacy Rights Employers are permitted to monitor work- related use of

Privacy General Privacy Rights Employers are permitted to monitor work- related use of

April 5, 2019 Privacy General Privacy Rights Employers are permitted to monitor work- related use of electronically generated communications when monitoring serves a legitimate business interest. See Also: Stored Communications Act

451 views • 11 slides
Magazine Various maps Field trips to use maps and GPS on actual hikes

Magazine Various maps Field trips to use maps and GPS on actual hikes

USGS FAQs Wikipedia article on UTM Article on Using GPS from Backpacker Magazine Various maps Field trips to use maps and GPS on actual hikes

871 views • 9 slides
Kalman Filter 16-385 Computer Vision (Kris Kitani) Carnegie Mellon University Examples up to now

Kalman Filter 16-385 Computer Vision (Kris Kitani) Carnegie Mellon University Examples up to now

Kalman Filter 16-385 Computer Vision (Kris Kitani) Carnegie Mellon University Examples up to now have been discrete (binary) random variables Kalman filtering can be seen as a special case of a temporal inference with continuous random

739 views • 41 slides
Vuln lnerable Road User Protection through In Intuit itive Vis isual l Cue on Smartphones

Vuln lnerable Road User Protection through In Intuit itive Vis isual l Cue on Smartphones

Vuln lnerable Road User Protection through In Intuit itive Vis isual l Cue on Smartphones Taeho Kim, Wongoo Han, Hyogon Kim, Yongtae Park Division of Computer and Communications Engineering Korea University CarSys 2017 October 20 2017,

822 views • 20 slides
CASE INTERVIEW BOOTCAMP TULANE UNIVERSITY FEBRUARY 2020 PRESENTED BY JENNY RAE LE ROUX

CASE INTERVIEW BOOTCAMP TULANE UNIVERSITY FEBRUARY 2020 PRESENTED BY JENNY RAE LE ROUX

2/8/20 CASE INTERVIEW BOOTCAMP TULANE UNIVERSITY FEBRUARY 2020 PRESENTED BY JENNY RAE LE ROUX MANAGEMENT CONSULTED 1 PRE-TEST Size the market for avocados in Canada (2 min) Then, defend your answer to a partner (1 min each) MANAGEMENT

602 views • 31 slides
A Summer Research Experience in Robotics Cindy Grimm, Alicia Lyman-Holt, and Bill Smart

A Summer Research Experience in Robotics Cindy Grimm, Alicia Lyman-Holt, and Bill Smart

A Summer Research Experience in Robotics Cindy Grimm, Alicia Lyman-Holt, and Bill Smart bill.smart@oregonstate.edu The Basics NSF REU Site Started in 2014 - just got recommended for 3-year renewal 10 funded students - with ~10 others, from

360 views • 14 slides

More recommend