WO2014113240A1 - Multi-constellation gnss integrity check for detection of time signal manipulation - Google Patents

Multi-constellation gnss integrity check for detection of time signal manipulation Download PDF

Info

Publication number
WO2014113240A1
WO2014113240A1 PCT/US2014/010507 US2014010507W WO2014113240A1 WO 2014113240 A1 WO2014113240 A1 WO 2014113240A1 US 2014010507 W US2014010507 W US 2014010507W WO 2014113240 A1 WO2014113240 A1 WO 2014113240A1
Authority
WO
WIPO (PCT)
Prior art keywords
time
time signal
signal
gnss
profile
Prior art date
Application number
PCT/US2014/010507
Other languages
English (en)
French (fr)
Inventor
Shankar V. ACHANTA
Original Assignee
Schweitzer Engineering Laboratories, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/887,617 external-priority patent/US9759816B2/en
Application filed by Schweitzer Engineering Laboratories, Inc. filed Critical Schweitzer Engineering Laboratories, Inc.
Priority to MX2015006701A priority Critical patent/MX2015006701A/es
Priority to CA2892153A priority patent/CA2892153A1/en
Priority to BR112015015190A priority patent/BR112015015190A2/pt
Priority to AU2014207819A priority patent/AU2014207819A1/en
Publication of WO2014113240A1 publication Critical patent/WO2014113240A1/en

Links

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13Receivers
    • G01S19/21Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
    • G01S19/215Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service issues related to spoofing
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02HEMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
    • H02H1/00Details of emergency protective circuit arrangements
    • H02H1/0061Details of emergency protective circuit arrangements concerning transmission of signals

Definitions

  • This disclosure relates to a satellite synchronized clock capable of detecting manipulated satellite signals. More particularly, this disclosure relates to detecting manipulation of a first satellite constellation using a second satellite constellation.
  • Figure 1 illustrates a simplified one-line diagram of an electric power delivery system.
  • Figure 2 illustrates an example system of reliable, redundant, and distributed time distribution devices.
  • Figure 3 illustrates GNSS receiver in communication with subsets of two GNSS satellite constellations.
  • Figure 4 illustrates a time distribution device for providing a time signal to one or more consuming devices.
  • Figure 5 illustrates a timing diagram of two GNSS constellations.
  • Figure 6 illustrates a phase error plot of two GNSS constellations.
  • Figure 7 illustrates an example of a time quality module configured to detect manipulation of a GNSS signal based on phase error.
  • Figure 8 illustrates a plot showing possible manipulation of a single GNSS constellation.
  • Figure 9 illustrates a method for detecting manipulated GNSS signals using event times.
  • Figure 10 illustrates a method for determining integrity of a time signal using an internal time reference.
  • Detailed Description drawings wherein like parts are designated by like numerals throughout. It will be readily understood that the components of the disclosed embodiments, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the systems and methods of the disclosure is not intended to limit the scope of the disclosure, as claimed, but is merely representative of possible
  • a software module or component may include any type of computer instruction or computer executable code located within a memory device and/or transmitted as electronic signals over a system bus or wired or wireless network.
  • a software module or component may, for instance, comprise one or more physical or logical blocks of computer instructions, which may be organized as a routine, program, object, component, data structure, etc., that performs one or more tasks or implements particular abstract data types.
  • a particular software module or component may comprise disparate instructions stored in different locations of a memory device, which together implement the described functionality of the module.
  • a module or component may comprise a single instruction or many instructions, and may be distributed over several different code segments, among different programs, and across several memory devices. Some embodiments may be practiced in a distributed computing environment where tasks are performed by a remote processing device .
  • software modules or components may be located in local and/or remote memory storage devices.
  • data being tied or rendered together in a database record may be resident in the same memory device, or across several memory devices, and may be linked together in fields of a record in a database across a network.
  • Embodiments may be provided as a computer program product including a machine-readable medium having stored thereon instructions that may be used to program a computer (or other electronic device) to perform processes described herein.
  • the machine-readable medium may include, but is not limited to, hard drives, floppy diskettes, optical disks, CD-ROMs, DVD-ROMs, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, solid-state memory devices, or other types of non-transitory machine-readable media suitable for storing electronic instructions.
  • FIG 1 illustrates a simplified diagram of an example of an electric power delivery system 100 consistent with embodiments disclosed herein.
  • the systems and methods described herein may be applied and/or implemented in the electric power delivery system 100 illustrated in Figure 1.
  • an electrical power delivery system 100 may also be configured as a three-phase power system.
  • the electric power delivery system 100 may include electric generators 130 and 131 configured to generate an electrical power output, which in some embodiments may be a sinusoidal waveform.
  • Generators 130 and 131 may be selectively connected to the electric power delivery system using switches or circuit breakers 111 and 171, respectively.
  • Step-up transformers 114 and 115 may be configured to increase the output of the electric generators 130 and 131 to higher voltage sinusoidal waveforms.
  • Buses 122 and 123 may distribute the higher voltage sinusoidal waveform to a transmission line 120 between buses 122 and 123.
  • Step-down transformer 146 may decrease the voltage of the sinusoidal waveform from bus 123 to a lower voltage suitable for electric power distribution on line 142.
  • Distribution line 142 is further selectively connectable to bus 123 via circuit breaker or switch 144, and may distribute electric power to a distribution bus 140.
  • Load 141 (such as a factory, residential load, motor, or the like) may be selectively connected to distribution bus 140 using switch or circuit breaker 170. It further step down a voltage from the distribution bus 140 to the load 141.
  • Switches selectively connectable to transmission bus 123 using circuit breaker or switch 172.
  • Other equipment that may be included in the electric power delivery system may include, for example, static VAR compensators, reactors, load tap changers, voltage regulators, autotransformers, and the like. Some of these are considered as included in the electric power system 100 such as, for example, load tap changers can be considered as part of the load 141.
  • Generators 130 and 131 may be any generator capable of providing electric power to the electric power delivery system and may include, for example, synchronous
  • Such generation machines may include components such as power- electronically coupled interfaces, for example, doubly-fed induction machines, direct coupled AC-DE/DE-AC transfer devices, and the like. It should be noted that these are not exhaustive lists, and other equipment, machines, and connected devices may be considered under this disclosure.
  • FIG. 1 illustrates several IEDs 160-167 that may be configured to control one or more elements of the electric power delivery system.
  • An IED may be any processor-based device that controls monitored equipment within an electric power delivery system (e.g., system 100).
  • the IEDs 160-167 may gather equipment status from one or more pieces of monitored equipment (e.g., generator 130).
  • Equipment status may relate to the status of the monitored equipment, and may include, for example, breaker or switch status (e.g., open or closed), valve position, tap position, equipment failure, rotor angle, rotor current, input power, automatic voltage regulator state, motor slip, reactive power control set point, generator exciter settings, and the like. Further, the IEDs 160-167 may receive measurements concerning monitored , , ,
  • Measu rements may relate to a measu red status of the machine or equ ipment, and may include, for example, voltage, current, temperatu re, pressure, density, infrared
  • IEDs may be config ured to derive or calculate derived values, for example, power (real and reactive), mag nitudes and angles of voltages and currents, freq uency, rate of change of frequency, phasors, synchrophasors, fau lt distances, differentials, impedances, reactances, symmetrical components, alpha components, Clarke components, alarms, and the like.
  • IEDs 160-167 may issue control instructions to the monitored equ ipment in order to control various aspects relating to the monitored equ ipment.
  • Some examples of actions to control equ ipment include:
  • opening a breaker which disconnects a generator with a rotor angle moving towards instability opening a breaker which sheds load that is causing a voltage to decline towards a collapsing condition; opening a breaker to remove an asset when the asset, such as a l ine or transformer, is exceeding its safe operating limits; opening a breaker which sheds load that is causing the freq uency of the system to decline such that it is exceeding predefined operating limits; inserting shunt capacitance with the effect of increasing the voltage on an electric power l ine so that the reactive req rindments on a generator are not exceeded and therefore preemptively preventing the generator from being removed from service by a reactive power control; activating a dynamic brake which counters the acceleration of a machine rotor; adjusting a set-point on a governor to limit the power output of a synchronous machine so that it does not exceed the safe operating limits; simu ltaneously adjusting set-points of other synchronous machines so that they pick-up
  • An IED (e.g., IED 160) may be in commu nication with a circuit breaker (e.g., breaker 111), and may be capable of sending an instruction to open and/or close the circu it breaker, thus connecting or disconnecting a portion of a power system.
  • a circuit breaker e.g., breaker 111
  • an IED may be in communication with a recloser and capable of .
  • control instructions may be generally referred to as control instructions.
  • IEDs 160-167 may be communicatively linked together using a data
  • various components of the electrical power generation and delivery system 100 illustrated in Figure 1 may be configured to generate, transmit, and/or receive GOOSE messages, or communicate using any other suitable
  • an automation controller 168 may communicate certain control instructions to IED 163 via messages using a GOOSE communication protocol.
  • the illustrated embodiments are configured in a star topology having an automation controller 168 at its center, however, other topologies are also
  • the IEDs 160-167 may be communicatively coupled directly to the SCADA system 182 and/or the WACSA system 180. Certain IEDs, such as IEDs 163 and 164, may be in direct communication with each other to effect, for example, line differential protection of transmission line 120.
  • the data communications network of the system 100 may utilize a variety of network technologies, and may comprise network devices such as modems, routers, firewalls, virtual private network servers, and the like. Further, in some embodiments, the IEDs 160-167 and other network devices (e.g., one or more communication switches or the like) may be communicatively coupled to the communications network through a network communications interface.
  • IEDs 160-167 may be communicatively coupled with various points to the electric power delivery system 100.
  • IEDs 163 and 164 may monitor conditions on transmission line 120.
  • IED 160 may be configured to issue control instructions to associated breaker 111. IEDs , .
  • IED 162 may monitor and issue control instructions to transformer 114.
  • IED 166 may control operation of breaker 172 to connect or disconnect SCB 174.
  • IED 165 may be in communication with load center 141, and may be configured to meter electric power to the load center.
  • IED 165 may be configured as a voltage regulator control for regulating voltage to the load center using a voltage regulator (not separately illustrated).
  • an automation controller 168 may be referred to as a central IED, communication processor, or access controller.
  • the automation controller 168 may be embodied as the SEL- 2020, SEL-2030, SEL-2032, SEL-3332, SEL-3378, or SEL-3530 available from Schweitzer Engineering Laboratories, Inc. of Pullman, WA, and also as described in U.S. Patent No. 5,680,324, U.S. Patent No. 7,630,863, and U.S. Patent Application Publication No.
  • the IEDs 160-167 may communicate a variety of types of information to the automation controller 168 including, but not limited to, operational conditions, status and control information about the individual IEDs 160-167, event (e.g., a fault) reports, communications network information, network security events, and the like.
  • event e.g., a fault
  • the automation controller 168 may be directly connected to one or more pieces of monitored equipment (e.g., electric generator 130 or breakers 111, or 172).
  • the automation controller 168 may also include a local human machine interface (HMI) 186.
  • the local HMI 186 may be located at the same substation as automation controller 168.
  • the local HMI 186 may be used to change settings, issue control instructions, retrieve an event report (which may originate from a specified IED), retrieve data, and the like.
  • the automation controller 168 may further include a programmable logic controller accessible using the local HMI 186.
  • the automation controller 168 may also be communicatively coupled to a common time source (e.g., a clock) 188. In certain embodiments, the automation controller 168 may generate a time signal based on the common time source 188 that .
  • a common time source e.g., a clock
  • various IEDs 160-167 may be configured to collect and/or calculate time-aligned operational conditions including, for example, synchrophasors, and to implement control
  • IEDs may use the time information to apply a time stamp to operational conditions and/or communications.
  • the WACSA system 180 may receive and process the time-aligned data, and may coordinate time synchronized control actions at the highest level of the electrical power generation and delivery system 100.
  • the automation controller 168 may not receive a time signal, but a common time signal may be distributed to IEDs 160-167.
  • the common time source 188 may also be used by the automation controller 168 for time stamping information and data. Time synchronization may be helpful for data organization, real-time decision-making, as well as post-event analysis. Time synchronization may further be applied to network communications.
  • the common time source 188 may be any time source that is an acceptable form of time synchronization, including, but not limited to, a voltage controlled temperature compensated crystal oscillator, Rubidium and Cesium oscillators with or without digital phase locked loops, microelectromechanical systems (MEMS) technology, which transfers the resonant circuits from the electronic to the mechanical domains, or a Global Navigational
  • GNSS Global Positioning System
  • GPS Global Positioning System
  • the automation controller 168 may serve as the common time source 188 by distributing a time synchronization signal.
  • GNSS systems also referred to as GNSS constellations
  • Some examples of a currently operational GNSS include the United States NAVSTAR Global Positioning System (GPS) system and the Russian GLONASS.
  • Some examples of a GNSS planned for future operation include China' s Beidou Navigation Satellite System (BDS), and the European Union' s Galileo positioning system. It should be noted that a single GNSS system may include separate , ,
  • the electric power delivery system 100 illustrated in Figure 1 includes local control and protection using IEDs 160-167, and wide-area control using the automation controller 168 and/or WACSA 180 and/or SCADA 182.
  • FIG. 2 illustrates system 200 configured to be a highly reliable, redundant, and distributed system of time distribution devices 204, 206, and 208 capable of providing a precision time reference to various time dependent IEDs 212, 214, and 216.
  • Each time distribution device 204, 206, and 208 may be configured to receive and communicate time signals through multiple protocols and methods. While the system 200 is described as being capable of performing numerous functions and methods, it should be understood that various systems are possible that may have additional or fewer capabilities. Specifically, a system 200 may function as desired using only one protocol, or having fewer external or local time signal inputs.
  • time distribution devices 204, 206, and 208 have WAN capabilities and are communicatively connected to a WAN 218, which may comprise one or more physical connections and protocols.
  • Each time distribution device 204, 206, and 208 may also be connected to one or more IEDs within a local network.
  • time distribution device 204 is connected to IED 212
  • time distribution device 206 is connected to IEDs 214
  • time distribution device 208 is connected to IEDs 216.
  • a time distribution device may be located at, for example, a power generation facility, a distribution hub, a substation, a load center, or other location where one or more IEDs are found.
  • an IED may include a WAN port, and such an IED may be directly connected to WAN 218. IEDs may be connected via WAN 218 or LANs 210. Time distribution devices 204, 206, and 208 may establish and maintain a precision time reference among various system
  • Each time distribution device 204, 206, and 208 may be configured to communicate time information with IEDs connected on its LAN through one or more time distribution protocols, such as IEEE 1588.
  • Each time distribution device 204, 206, and 208 is configured to receive time signals from a variety of time sources.
  • time distribution GNSS repeater or satellite 202 is also configured to receive a second time signal 221 from an external time source 201.
  • the external time source may comprise one or more voltage-controlled temperature-compensated crystal oscillators (VCTCXOs), phase locked loop oscillators, time locked loop oscillators, rubidium oscillators, cesium oscillators, NIST broadcasts (e.g., WWV and WWVB), and/or other devices capable of generating precise time signals.
  • VCTCXOs voltage-controlled temperature-compensated crystal oscillators
  • phase locked loop oscillators phase locked loop oscillators
  • time locked loop oscillators time locked loop oscillators
  • rubidium oscillators cesium oscillators
  • NIST broadcasts e.g., WWV and WWVB
  • time distribution device 208 includes an antenna 220 configured to receive a GNSS signal from the GNSS repeater or satellite 202. As illustrated, time distribution device 206 does not directly receive an external time signal, however, according to alternative embodiments, any number and variety of external time signals may be available to any of the time distribution devices.
  • WAN 218 comprises a synchronous optical network (SONET) configured to embed a precision time reference in a header or overhead portion of a SONET frame during transmission.
  • SONET synchronous optical network
  • a precision time reference may be conveyed using any number of time communications methods including IRIG protocols, NTP, SNTP, synchronous transport protocols (STP), and/or IEEE 1588 protocols.
  • IRIG protocols IRIG protocols
  • NTP NTP
  • SNTP synchronous transport protocols
  • STP synchronous transport protocols
  • IEEE 1588 protocols synchronous transport protocols
  • Protocols used for inter IED time synchronization may be proprietary, or based on a standard, such as IEEE 1588 Precision Time Protocol (PTP).
  • PTP Precision Time Protocol
  • time distribution devices 204, 206, and 208 are configured to perform at least one of the methods of detecting failure of a time source described herein.
  • System 200 may utilize a single method or combination of methods, as described herein.
  • time signals may exhibit small discrepancies.
  • various clocks may exhibit microsecond level time offsets. Some of these offsets may be compensated for by the user entering compensation settings, or may need to be estimated by the time synchronization network. Estimation may be performed . .,
  • IEDs may receive time signals from one or more GNSS signals.
  • Different IEDs may receive time signals from one or more GNSS signal sources that are different from the GNSS signal sources for other IEDs. That is, several different GNSS sources are available.
  • the GPS system for example, consists of around 32 satellites that orbit the Earth twice per sidereal day. Accordingly, several satellites are visible to each receiver at any given time, and different satellites may be visible to different receivers at different times each day.
  • Signals from the GNSS satellites arrive at the receivers, and may be used by the receivers to calculate position as well as time.
  • Receivers in the systems of Figures 1 and 2 are typically stationary, using the GNSS signals to calculate time, and provide a common time to devices on the system.
  • Receivers of such signals may be vulnerable to attacks or manipulation such as blocking, jamming, and spoofing.
  • the GNSS receiver may continue to indicate that the signal is good, and signal lock may be maintained.
  • Such attacks may attempt to prevent a position lock, or feed a receiver false information such that the receiver calculates a false position and/or time.
  • Spoofing, or other manipulation, of time information in a system such as those of Figures 1 and 2 may introduce errors in the derived values by the IEDs, and/or errors into time stamps of equipment status, measurements, derived values, and communications among the devices. Such errors may result in improper control of the electric power delivery system. Accordingly, what is needed is detection of, and mitigation against such attacks.
  • Figure 3 illustrates a representation of a number of satellites (310-317) positioned around the Earth 302.
  • a GNSS receiver 304 may be located at a stationary position, or may be mobile upon the Earth 302.
  • the satellites 310-317 may constitute multiple constellations.
  • a first constellation includes satellites 310, 312, 314, and 316, where a second constellation includes satellites 311, 313, 315, and 317.
  • GNSS receiver 304 may be configured to receive signals from satellites of the first and second constellations via an antenna 306.
  • the first constellation may ,
  • Figure 4 illustrates a time distribution device 404, according to one
  • time distribution device 404 may include more or less functionality than the illustration.
  • time distribution device 404 may include an interface for monitoring equipment in an electric power delivery system in certain embodiments.
  • time distribution device 404 may be implemented either as an IED or as a network device.
  • time distribution device 404 includes a local time source 402 such as a voltage-controlled temperature- compensated crystal oscillator (VCTCXO), temperature-compensated crystal oscillator (TCXO), oven-controlled crystal oscillator (OCXO), or the like, that provides a local time signal and a time quality module 405 for establishing a precision time reference.
  • Time distribution device 404 further includes a pair of line ports 412 and 414 for
  • time distribution device 404 includes a GNSS signal receiver 410 for receiving a precision time signal, such as time from a GNSS via a GNSS antenna 420.
  • time distribution device 404 also includes a WWVB receiver 430 for receiving an NIST broadcast, which can be used as a precision time signal, via an external antenna 440. The received precision time signal from either source is communicated to the time quality module 405 for use in determining and distributing the precision time reference.
  • Another time source that may be fed to the time quality module 405 includes an external time source 406 that may conform to a time distribution protocol, such as IRIG.
  • the external time source 406 may communicate with another time port such as an IRIG input 408.
  • the various time information from the WAN (from line ports 412 and/or 414), GNSS signal receiver 410, WWVB receiver 430, and IRIG input 408 are input into the time quality module 405.
  • the inputs may be fed into a multiplexer (not shown) prior to being input into the time quality module 405.
  • the time quality module 405 functions to determine a precision time reference for use by the various .
  • Ethernet Drop Ports 418 may also include network communications to the various devices connected to GNSS receiver 404.
  • GNSS receiver 404 may further include connections to SONETs and transmit the precision time reference in a header or overhead portion of SONET frames.
  • Time distribution device 404 may also comprise a time signal adjustment subsystem 424.
  • Time signal adjustment subsystem 424 may be configured to track drift rates associated with various external time sources with respect to local time source 402.
  • Time signal adjustment subsystem 424 may also communicate time signals according to a variety of protocols. Such protocols may include inter-Range
  • time signal adjustment subsystem 424 may be implemented using a processor in communication with a computer-readable storage medium containing machine executable instructions. In other embodiments, time signal adjustment subsystem 424 may be embodied as hardware, such as an application specific integrated circuit or a combination of hardware and software.
  • the time distribution device 404 may obtain GNSS signals from multiple GNSS systems or constellations.
  • the GNSS signal receiver 410 may be configured to obtain satellite signals from GPS, GLONASS, Galileo, BDS, and the like.
  • the GNSS systems may provide a time signal such as a pulse-per-second (PPS) signal.
  • PPS pulse-per-second
  • time distribution device 404 may determine a phase error between the time signals of two or more of the constellations. If the phase error changes, time distribution device 404 may be configured to determine that one of the signals has been manipulated.
  • FIG. 5 illustrates a timing diagram 502 of a PPS signal from the GPS system, and another timing diagram 504 of a PPS signal from the GLONASS system.
  • the rising edge 506 of the first PPS of the GPS signal is slightly ahead of the rising edge 508 of the first PPS signal from the GLONASS signal.
  • the time quality module 405 these rising edges.
  • the time quality module 405 may use a time signal from the local time source to determine a phase error of any GNSS PPS by comparing the PPS with, for example a local oscillator. The time quality module 405 may continue to calculate the phase error for each subsequent PPS signal from the GPS system 510 and from the GLONASS system 512.
  • the time quality module may determine that one of the GNSS signals received by the GNSS receiver 410 may be manipulated. Accordingly, the time quality module 405 may continue to monitor the phase error between two GNSS signals. When the phase error drifts beyond a predetermined threshold, the time distribution device 404 may take a remedial action.
  • the time quality module 405 computes the phase error between the two rising edges (e.g., 506 to 508 and 510 to 512) of the timing signals.
  • an average of the phase errors may be calculated. The average may be calculated using a moving average window and stored in memory. In the event that one of the GNSS signals is being manipulated, the signal from the manipulated constellation may begin drifting and the phase error between the signals may change. For example, if the GLONASS signal 504 of Figure 5 were being
  • the rising edges of its PPS may begin to lag further behind the rising edges of the GPS PPS signal 502. Accordingly, the phase error between the signals would increase.
  • the rising edges of its PPS may slow down, which would decrease the phase error between the GPS signal 502 and the GLONASS signal 504 for a period of time, until the rising edges were coincident, after which the phase error would increase.
  • Phase error changes may further be brought about by a manipulated signal increasing a rate of PPS rising edges.
  • Figure 6 illustrates an example change in phase error over time of the signals illustrated in Figure 5 during normal operation 602 and during manipulation of one of the signals 604. Also illustrated is a manipulation detection threshold 606 that may be .
  • receiver 404 may take the remedial action.
  • the time quality module 405 may determine the initial phase error 602 and store the initial phase error 602 in memory.
  • the time quality module 405 may continuously monitor the phase error between the two GNSS constellations.
  • the phase error may be calculated in real time and filtered for several samples to avoid false positives.
  • the time quality module 405 may detect manipulation.
  • the threshold may be an absolute phase error.
  • the threshold may be, for example, approximately 1 microsecond.
  • the time quality module 405 may determine the initial phase error to be 50 nanoseconds. The time quality module 405 may continuously monitor the phase error. Once the phase error exceeds a threshold (such as, for example, 1 microsecond), the time quality module 405 may detect the manipulation, and take a remedial action.
  • a threshold such as, for example, 1 microsecond
  • the time distribution device 404 may receive GNSS signals from more than two constellations.
  • the time quality module 405 may calculate initial phase errors between each of the signals from each of the GNSS constellations, and monitor such phase errors. When one of the GNSS
  • the time quality module 405 may detect such a change and determine that the signal has been manipulated. The time quality module 405 may further determine which GNSS constellation signal is being manipulated using a voting scheme. For example, if three GNSS constellations are monitored, the time quality module 405 may determine that the two GNSS constellations with the smallest (or no) relative phase error are not the manipulated GNSS constellations.
  • the time distribution device 404 may take remedial action to avoid propagating inaccurate time data.
  • the remedial action may include, for example:
  • FIG. 7 illustrates an example of a time quality module configured to detect manipulation of a GNSS signal based on phase error.
  • the time quality module may include a phase detector 702, a filter 704, a comparator 706, a pick-up and drop-out timer block 710, and enablement logic 712.
  • the components of the time quality module may be implemented as software instructions carried out by a processor, dedicated hardware, and/or firmware.
  • the time quality module may be implemented as software instructions carried out by a processor, dedicated hardware, and/or firmware.
  • the phase detector 702 is configured to receive time signals, for example, a pulse-per- second (PPS) signal from two GNSS constellations (e.g., GPS and GLONASS).
  • PPS pulse-per- second
  • the phase detector is configured to determine a phase error between the two time signals.
  • the phase detector 702 may include a clock, or receive a clock signal, and determine an error (or difference) in clock counts between the two time signals.
  • the phase error determined by the phase detector 702 may be passed through a filter 704 to smooth out any abrupt variations in the detected phase error.
  • filter 704 may be a low pass filter.
  • the filter 7084 may be a simple moving average filter with saturation limits.
  • the filtered phase error may be passed to a comparator 706 configured to compare the phase error with a manipulation threshold value.
  • the manipulation threshold value as described above, may be user defined or determined based on historical phase error data.
  • the comparator may be enabled by enablement logic 712 when the time distribution module has a lock on both of the first and the second GNSS constellation in order to reduce the risk of a false manipulation signal when a GNSS lock has been lost.
  • the output of comparator 706 indicates whether possible manipulation of one of the GNSS constellations has been detected.
  • the comparator 706 may output a logic '1' when the filtered phase error exceeds the manipulation threshold .
  • Timer block 710 provides some hysteresis to help smooth out some of the possible false manipulation alerts.
  • the timer block 710 in the example of Figure 7, may be configured to track the output of the comparator, which has a refresh rate of lHz, and indicate manipulation if a defined number of cycles that the comparator has detected the phase error exceeds the threshold (i.e., outputs a logic T ).
  • the pick-up (PU) of the timer block 710 may be set such that detecting ten consecutive samples of a logic
  • the drop-out (DO) of the timer block may be set, for example, such that detecting three consecutive samples of a logic ⁇ ' results in the timer block ceasing to output the manipulation alert.
  • Figure 8 illustrates a method for detecting manipulation of a GNSS
  • the method 800 may start with the time distribution device 404 receiving a PPS rising edge signal from a first GNSS constellation 804 and receiving a PPS rising edge signal from a second GNSS constellation 806. As described above, the time quality module 405 may calculate the phase error 808. Although not specifically illustrated, the PPS rising edges from the first and second GNSS constellations may continue to be received, and a phase error may be calculated for each.
  • the time quality module 405 may calculate an average phase error for a moving window 810 using the calculated phase errors.
  • the phase error may be compared with a threshold 812. If the phase error exceeds the threshold 814, manipulation may be detected, an alarm may be sent (via a human-machine interface (HMI), over a communications network, or the like) and an alternate time source may be used 816.
  • the alternate time source may be an internal time source, another external time source, or the like.
  • the method may include other remedial actions as described above including, for example, determining which GNSS constellation signal is manipulated, and the like. Additionally, the time quality module may be able to determine which GNSS constellation signal. In various embodiments, the time distribution device is at a fixed location. The GNSS receiver may calculate a location based on the GNSS constellation signal and the time quality module may compare the calculated location to the known fixed location of the time distribution device. If the calculated location and the fixed location vary beyond a defined threshold, the time quality module may determine that the GNSS constellation signal has been manipulated.
  • the time distribution device 404 may be configured to detect manipulation of a time signal using a local time source.
  • the time distribution device 404 may include a local time source 402 such as a crystal oscillator.
  • the local time source 402 may be selected for a very good short term frequency stability.
  • the local time source 402 may be configured to produce a time signal such as a free running counter (FRC) that runs continuously.
  • the FRC may count the number of clock counts between the rising edges of each incoming PPS pulses.
  • the time distribution device 404 may include a number of time signal inputs. Each time signal input may undergo an integrity check in the time quality module 405. The integrity check may use the local time source 402 to perform the integrity check.
  • the time quality module 405 receives the FRC from the local time source. For each time input signal, the time quality module may store the FRC time stamp with each rising edge of the input signal. Under normal operating conditions, the FRC count value grows linearly with time.
  • Figure 9 illustrates how the FRC count values grow linearly with time under normal conditions, and that the growth may vary when a time source, such as a GNSS constellation, is being manipulated.
  • the time stamps tl through til correspond with the rising edges of a GNSS PPS signal and a particular FRC count value at that time.
  • the count value of the FRC between time stamps is constant (i.e., the slope of the plot is constant).
  • the slope of the plot changes at some point between t7 and t8, representing a change in the number of FRC counts between each time stamp..
  • a change in the number of . ., . FRC count plot may indicate manipulation of the GNSS signal.
  • the time quality module 405 may maintain a moving window to eliminate long term aging effects of the local time source 402.
  • the slope change due to possible manipulation may be an increase or a decrease in slope, depending on whether the manipulation increases or decreases the rate of the manipulated PPS signal. That is, the number of FRC count values between the PPS pulses may increase or decrease for a manipulated signal.
  • the FRC count value accumulates as the PPS pulses are received. Figure 8 illustrates this as a positive slope.
  • the FRC count value may be reset periodically (i.e., a moving window).
  • the time quality module 405 may maintain such a profile for multiple time sources. Given the FRC count vs. rising edge detection profile for a single time input, a change in slope may indicate either manipulation of the time signal or local time source degradation (e.g., oscillator degradation). For an embodiment where the time quality module 405 maintains such profiles for multiple time source inputs (for example, for GPS and for GLONASS), when a change in slope in one of the signals is detected, the time quality module 405 may compare the profiles of both signals. Then, if only one of the profiles shows the slope change, the time quality module 405 may determine that the time signal with the slope change is the
  • the time quality module 405 may determine that some oscillator degradation has occurred.
  • Figure 10 illustrates a method that may be used by a time distribution device for detecting manipulation of a time input signal by comparison against other time signals.
  • the method 1000 may start with a time distribution device receiving a PPS rising edge signal from a first GNSS constellation 1002, as well as receiving an FRC count from a local time source 1004.
  • the time distribution device may maintain a profile of FRC count vs. the PPS rising edge signal 1006 and calculate an average slope over a moving window 1008.
  • the time distribution device may detect a change in slope 1010. If a change in slope is not detected 1012, the method returns ,
  • the second time input may include another GNSS constellation, a time sig nal accord ing to IEEE 1588, or the like. If the second profile includes a slope change that matches the slope change of the first profile 1016, then the time distribution device determines that there is an internal time source degradation 1018 and ends 1022. If, however, the second profile does not include a slope change that matches the slope change of the first profile 1016, then the time d istribution device determines that there has been a manipulation of the first GNSS constellation sig nal 1020.
  • the time distribution device may then take remed ial actions as described above, such as, for example, ceasing to use the manipulated GNSS constellation signal, sending an alarm, or the like.
  • the method may return and continually monitor GNSS constellation sig nals for manipu lation 1022.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Electromagnetism (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)
  • Electric Clocks (AREA)
  • Measurement Of Unknown Time Intervals (AREA)
PCT/US2014/010507 2013-01-11 2014-01-07 Multi-constellation gnss integrity check for detection of time signal manipulation WO2014113240A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
MX2015006701A MX2015006701A (es) 2013-01-11 2014-01-07 Verificacion de integridad de gnss de constelacion multiple para deteccion de manipulacion de señal de tiempo.
CA2892153A CA2892153A1 (en) 2013-01-11 2014-01-07 Multi-constellation gnss integrity check for detection of time signal manipulation
BR112015015190A BR112015015190A2 (pt) 2013-01-11 2014-01-07 dispositivo de distribuição de tempo, e, método para receber e distribuir um sinal de tempo
AU2014207819A AU2014207819A1 (en) 2013-01-11 2014-01-07 Multi-constellation GNSS integrity check for detection of time signal manipulation

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201361751746P 2013-01-11 2013-01-11
US61/751,746 2013-01-11
US13/887,617 US9759816B2 (en) 2013-01-11 2013-05-06 Multi-constellation GNSS integrity check for detection of time signal manipulation
US13/887,617 2013-05-06

Publications (1)

Publication Number Publication Date
WO2014113240A1 true WO2014113240A1 (en) 2014-07-24

Family

ID=51210001

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/010507 WO2014113240A1 (en) 2013-01-11 2014-01-07 Multi-constellation gnss integrity check for detection of time signal manipulation

Country Status (5)

Country Link
AU (1) AU2014207819A1 (pt)
BR (1) BR112015015190A2 (pt)
CA (1) CA2892153A1 (pt)
MX (1) MX2015006701A (pt)
WO (1) WO2014113240A1 (pt)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107505832A (zh) * 2017-08-02 2017-12-22 桂林电子科技大学 一种高精度授时系统

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5737715A (en) * 1996-04-23 1998-04-07 Hughes Electronics Frequency normalization utilizing GPS pulse time and time interval signal
US20060259806A1 (en) * 2005-05-12 2006-11-16 Schweitzer Eng. Laboratories, Inc. Self-calibrating time code generator
US7375683B2 (en) * 1999-03-05 2008-05-20 Era Systems Corporation Use of geo-stationary satellites to augment wide— area multilateration synchronization
US20110068973A1 (en) * 2009-09-24 2011-03-24 Coherent Navigation, Inc. Assimilating GNSS Signals to Improve Accuracy, Robustness, and Resistance to Signal Interference
US7952519B1 (en) * 2010-04-16 2011-05-31 John Nielsen Method and system for detecting GNSS spoofing signals
US20110285586A1 (en) * 2010-05-18 2011-11-24 Kendall Ferguson Global navigation satellite system (gnss) reference station integrity monitoring and assurance
US20120182181A1 (en) * 2011-01-14 2012-07-19 Dai Liwen L Method and system for determining clock corrections

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5737715A (en) * 1996-04-23 1998-04-07 Hughes Electronics Frequency normalization utilizing GPS pulse time and time interval signal
US7375683B2 (en) * 1999-03-05 2008-05-20 Era Systems Corporation Use of geo-stationary satellites to augment wide— area multilateration synchronization
US20060259806A1 (en) * 2005-05-12 2006-11-16 Schweitzer Eng. Laboratories, Inc. Self-calibrating time code generator
US7398411B2 (en) * 2005-05-12 2008-07-08 Schweitzer Engineering Laboratories, Inc. Self-calibrating time code generator
US20110068973A1 (en) * 2009-09-24 2011-03-24 Coherent Navigation, Inc. Assimilating GNSS Signals to Improve Accuracy, Robustness, and Resistance to Signal Interference
US20110102259A1 (en) * 2009-09-24 2011-05-05 Coherent Navigation, Inc. Augmenting GNSS User Equipment to Improve Resistance to Spoofing
US7952519B1 (en) * 2010-04-16 2011-05-31 John Nielsen Method and system for detecting GNSS spoofing signals
US20110285586A1 (en) * 2010-05-18 2011-11-24 Kendall Ferguson Global navigation satellite system (gnss) reference station integrity monitoring and assurance
US20120182181A1 (en) * 2011-01-14 2012-07-19 Dai Liwen L Method and system for determining clock corrections

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107505832A (zh) * 2017-08-02 2017-12-22 桂林电子科技大学 一种高精度授时系统
CN107505832B (zh) * 2017-08-02 2019-11-19 桂林电子科技大学 一种高精度授时系统

Also Published As

Publication number Publication date
MX2015006701A (es) 2015-08-05
AU2014207819A1 (en) 2015-06-04
CA2892153A1 (en) 2014-07-24
BR112015015190A2 (pt) 2017-07-11

Similar Documents

Publication Publication Date Title
US9709682B2 (en) Multi-constellation GNSS integrity check for detection of time signal manipulation
US10288741B2 (en) Multi-constellation GNSS integrity check for detection of time signal manipulation
AU2014260280B2 (en) Synchronized clock event report
US9400330B2 (en) Manipulation resilient time distribution network
US9319100B2 (en) Delay compensation for variable cable length
US10122487B2 (en) Time distribution switch
US9599719B2 (en) Detection of manipulated satellite time signals
US9709680B2 (en) Quality of precision time sources
US9813173B2 (en) Time signal verification and distribution
US9760062B2 (en) Time distribution with multi-band antenna
WO2014158297A2 (en) Multi-constellation gnss integrity check for detection of time signal manipulation
WO2014113240A1 (en) Multi-constellation gnss integrity check for detection of time signal manipulation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14740529

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2892153

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: MX/A/2015/006701

Country of ref document: MX

ENP Entry into the national phase

Ref document number: 2014207819

Country of ref document: AU

Date of ref document: 20140107

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: P201590073

Country of ref document: ES

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112015015190

Country of ref document: BR

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14740529

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 112015015190

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20150623