Full Program
Summary:
Power substations play a critical role in maintaining efficient and stable electricity distribution within electrical grids by enabling switching operations, voltage transformation, and system protection. Digital substations commonly use the GOOSE protocol for rapid, reliable communication between protection relays during fault events. However, exploiting security vulnerabilities of the GOOSE protocol by masquerade attacks threatens the physical protection operations in digital substations. This paper presents a real-time verification method for detecting such attacks by utilizing measurements obtained locally by the relays, along with measurements exchanged via the protocol. The method uses phase angle and Root Mean Square (RMS) value comparisons, and proposes voltage and current boundary rules to distinguish legitimate messages from forged ones. The proposed verification approach has been validated through a simulation model, incorporating realistic substation configurations and network delays across five use cases. The results highlight its effectiveness in strengthening the cybersecurity of protection operations in digital substations.Author(s):
Mohamed Elrawy
KIOS research center, University of Cyprus
Cyprus
Lenos Hadjidemetriou
KIOS research center, University of Cyprus
Cyprus
Christos Laoudias
KIOS research center, University of Cyprus
Cyprus
Maria K. Michael
KIOS research center, University of Cyprus
Cyprus