ANCHOR-Grid: Authenticating Smart Grid Digital Twins Using Real World Anchors

1. Introduction

The Metaverse has attracted a lot of attention [1,2,3]. As a virtual extension of our social and professional lives, Metaverse redefines how we live, work, and socialize by enabling a seamless interweaving of the physical world with a virtual cyberspace [4]. The smart grid can benefit from the Metaverse by using its virtual environments for simulation, training, and collaboration. For example, energy providers can leverage the Metaverse to visualize grid performance, optimize energy distribution, or train operators in realistic, risk-free virtual scenarios, enhancing grid reliability and sustainability [5]. Meanwhile, it has also increased concerns about identity security and authenticity [6]. For example, advanced Deepfake technologies allow malicious actors to create highly realistic but fraudulent data, posing significant risks such as data theft, misinformation, and erosion of trust within virtual communities [7]. These risks can have severe consequences in sensitive applications like the smart grid.

Technologies such as blockchains [8], Elliptic Curve Cryptography (ECC) [9], evidential reasoning [10], and fuzzy logic [11] are introduced to secure access control for Metaverse and to perform cross-domain ID authentication. However, even with all of these advances, substantial work still needs to be done to secure sensitive information for devices to interact in the virtual world due to the lack of attention committed in the past. Currently, security mechanisms in the Metaverse are in their infancy, making the Metaverse vulnerable to impersonation attacks and data theft.

Security is a crucial aspect of modern power infrastructure, integrating advanced information technology to improve efficiency, reliability, and sustainability [12,13]. A smart power grid is considered a part of the future Metaverse that relies on interconnected devices such as sensors, smart meters, and automated control systems that collect and share data to optimize energy distribution and consumption [14]. However, this increased connectivity also presents vulnerabilities to cyberattacks, data breaches, and system manipulation, which can severely affect the stability and public safety of the network [15].

The concept of deepfake attacks on the smart grid introduces significant risks, as the grid relies heavily on digital communication, automation, and artificial intelligence (AI) for efficient operation [16]. Deepfake attacks in this context involve the generation or alteration of data, signals, or interactions to mislead systems or operators, potentially jeopardizing the stability and security of the grid. The consequences of such attacks can range from operational disruptions to financial losses and even national security threats [17]. One potential scenario is the generation of fake control signals or the manipulation of legitimate ones. These deep fake signals could mislead operators or automated systems, leading to load-balancing failures, unnecessary load shedding, or even widespread grid outages [18]. Similarly, deepfake technology can manipulate sensor data, creating synthetic or altered measurements of voltage, current, or frequency [19].

Such manipulation could mislead AI systems used for predictive maintenance, trigger false alarms, or conceal actual system faults, leading to inefficiencies and vulnerabilities [20]. Another form of deepfake attack involves impersonating grid operators or stakeholders. Through advanced video or voice deepfake technology, attackers can issue false commands or mislead participants in decision-making processes [21]. A voice attack could result in unauthorized actions, such as shutting down critical infrastructure or overloading the grid.

Deepfake attacks could also target consumer data, fabricating electricity consumption patterns to create incorrect billing or disrupt demand-side management programs [22]. Additionally, attackers might exploit biometric authentication systems, such as facial or voice recognition, used in grid control systems or customer portals [23]. By bypassing authentication mechanisms, they could gain unauthorized access to critical infrastructure or steal sensitive data. The consequences of these attacks are severe. False data or signals could disrupt power generation, transmission, and distribution operations, leading to cascading failures across interconnected infrastructures [24]. Moreover, deepfake attacks could undermine trust in the smart grid as users and stakeholders struggle to distinguish between genuine and fake communications, ultimately increasing vulnerability and risking national security [25].

Advanced technologies like Electric Network Frequency (ENF)-based security [26], blockchain [27], Digital Twins (DTs) [28], and AI-driven threat detection [29] are increasingly essential to enhance smart grid security. ENF can ensure authenticity by anchoring communications to a real-world, unpredictable signal. DTs are a virtual representation of the infrastructure, such as computer-aided designs of buildings, bridges, and vehicles [30]. The DT can be used to cross-check the functioning of applications when information comes from distributed sensors. This paper proposes Authenticating Networked Computerized Handling of Representations for Smart Grid Security (ANCHOR-Grid), a novel method for authenticating smart grid DTs by leveraging ENF signals as anchors in the real world.

The primary contributions of this paper include:

• Expansion of Environmental Fingerprinting into Virtual Worlds. Pioneering application in the Metaverse, our work extends the concept of environmental fingerprinting beyond physical and network security into virtual DT environments, an unexplored area.
• Protection of Critical Infrastructure. Contributing to smart grid security by proposing a novel authentication mechanism that bridges the physical and virtual worlds and addressing a critical gap in existing security measures against Deepfake attacks in critical infrastructure systems.
• Practical Implementation and Validation through a Smart Grid Case Study. The application of ANCHOR-Grid in a virtual Internet of Smart Grid Things (IoSGT) setting demonstrates the real-world relevance and necessity of the technique.

The rest of this paper is structured as follows. Section 2 provides a brief overview of the state-of-the-art and background knowledge. Section 3 details the ANCHOR-Grid system’s principle, architecture, and algorithm. Section 4 validates the effectiveness and presents the performance of ANCHOR-Grid using the case study. Finally, Section 6 concludes this paper with conclusions and a concise discussion of the ongoing efforts.

2. Background and Related Works

2.1. Data Security in Metaverse

The current data security landscape for the Metaverse covers various aspects such as user identification, avatar protection, data authentication, etc. Different techniques are introduced, such as cryptography, blockchain, machine learning, and biometric-based approaches. For example, to secure the biometric data transmission process for the Metaverse, [9] combined Elliptic Curve Cryptography (ECC) and fuzzy extractors to achieve lower computational and transmission usage while maintaining similar robustness against specific attacks. Similarly, [31] proposed a framework using chameleon signature authentication in which users obtain ID tokens from third-party providers using biometric information. The scheme continuously verifies the identifications by connecting the users’ real IDs with the avatars’ virtual IDs. Although this approach guarantees authentication reliability, adopting the chameleon algorithm creates additional processing time. In recent years, machine learning has been a practical technique to enhance the current power grid security landscape, especially in SCADA (supervisory control and data acquisition) systems [32].

2.2. ENF Signals as an Environmental Fingerprint

ENF is a time-varying signal fluctuating across its nominal frequency value of 50 Hz or 60 Hz based on the power supply demand from electrical power grids [33]. In the United States, the ENF nominal value is 60 Hz, whereas most Asian and European countries have a nominal value of 50 Hz. Due to the power supply and demand fluctuations throughout the power grid, the load balance mechanism of the generator system results in the fluctuation of ENF from its nominal value within a range. The ENF fluctuates in the range of [-0.02.0.02] Hz in the United States and [-0.05,0.03) Hz in Asian and European counties [34]. The fluctuations in the ENF signal are propagated throughout the power grid interconnect, and thereby, any observed ENF fluctuations for a particular time instant should reflect similar fluctuations. Figure 1 represents the ENF signal simultaneously recorded from two cities in different states, 180 miles apart, where both the cities belong to the Eastern power grid interconnect. With ENF estimated from the multimedia recordings and the existence of a parallel ground truth reference database, a signal can match for its accurate recording time [35]. Leveraging the unique fluctuating nature and presence in multimedia recordings, the ENF signals have been applied in areas like digital forensics [26], location-based geo-tagging [36], surveillance video authentication [37], and Deepfake attack detection [17].

2.3. Digital Twins in Smart Grids

As the technology refers to creating a virtual representation of a physical object, DTs can mirror the characteristics, behaviors, and conditions in real-time [38]. Dynamic DTs are utilized with static digital twins using the Dynamic Data Driven Applications Systems (DDDAS) paradigm [39]. DTs in Smart Grids create a dynamic, real-time digital replica of the physical, electrical grid, enabling enhanced monitoring, analysis, and optimization of grid operations [40]. DTs are comprehensive virtual models that mirror the actual grid components’ behavior, conditions, and structure, such as transformers, substations, and distribution lines [41]. The DT virtual representation allows utility operators to visualize and understand the grid’s performance under various conditions without interfering with the physical infrastructure.

By implementing DTs, smart grid operators can perform advanced simulations and predictive analytics to anticipate and mitigate potential issues before they escalate into critical problems [42,43]. For example, DTs can model the impact of integrating renewable energy sources like solar or wind power, forecast demand fluctuations, and assess the effects of equipment failures or cyberattacks. The DT proactive approach facilitates better decision-making, enhances grid reliability, and optimizes energy storage systems (ESS) and distribution by allowing operators to test scenarios and strategies in a risk-free virtual environment [44]. Furthermore, DTs play a crucial role in asset management and maintenance within Smart Grids [45]. They enable real-time monitoring of equipment health and performance by collecting and analyzing data from sensors embedded in the grid infrastructure. DTs with continuous data flow allow for predictive maintenance strategies, where potential failures are identified and addressed before they occur, reducing downtime and maintenance costs [46]. Additionally, DTs support the efficient planning and execution of grid expansions or upgrades by providing detailed insights into the existing infrastructure’s capabilities and limitations.

DTs also contribute to enhancing the cybersecurity of Smart Grids [47]. The risk of cyber threats grows as the energy sector becomes increasingly digitized. DTs can simulate potential cyberattack scenarios and help develop robust defense mechanisms by identifying vulnerabilities within the grid’s digital ecosystem [48]. A DT simulation capability ensures that security measures are effective and up-to-date, safeguarding the grid against disruptions that could have widespread consequences. In the broader context of transitioning to more sustainable and resilient energy systems, DTs facilitate the integration of distributed energy resources and advanced technologies such as Internet of Things (IoT) devices and smart meters [49,50]. It is noted that DTs provide a platform for testing the interoperability and impact of these technologies on grid stability and efficiency. By enabling a deeper understanding of how different components interact within the grid, DTs support the evolution of Smart Grids towards greater adaptability, sustainability, and customer-centric services.

3. ANCHOR-Grid: Rationale and Design

3.1. Architecture Overview

Figure 2 provides an architectural view of our ANCHOR-Grid scheme, which can secure Smart Grid DTs by utilizing real-world ENF anchors as a defense mechanism against deepfake attacks. The system integrates smart grid components, including DTs, cloud infrastructure, and distributed locations, all connected via power, data, and DTs to enhance network resilience and data integrity.

The bottom of Figure 2 represents multiple geographical locations connected to the power grid. Each location is part of the smart grid infrastructure and has distinct characteristics:

• Location 1 is an industrial environment with various facilities connected to the power grid (black solid lines). The data network links each facility to the cloud, enabling data aggregation, including ENF readings from this location. The ENF data is a unique identifier consistent across all locations connected to the same power grid, making it a reliable feature for detecting data manipulations.
• Location 2 represents a residential area, including homes and electric vehicle charging stations. The ENF signature captured here provides a unique, location-specific electrical frequency profile that can be cross-referenced with data from other locations for consistency. The ENF signal helps verify the authenticity of data and prevent malicious deepfake attacks.
• Location 3 shows a specialized industrial and research facility. This location integrates advanced facilities that rely heavily on smart grid technologies, and ENF anchors can help ensure that data from this sensitive location is secure. Any inconsistencies in the ENF signal can indicate potential deepfake attempts or tampering.

The Cloud Layer is a centralized hub that processes data gathered from distributed locations and manages the DTs. The cloud layer facilitates centralized data processing, analytics, and secure data storage. The cloud architecture ensures that the real-time data captured from physical locations are securely aggregated and cross-referenced with the corresponding digital twin data to identify discrepancies or potential deepfake attacks. The green dashed lines represent data communication between the cloud and various locations, emphasizing the role of the cloud as a central node that enables cross-location synchronization and validation.

The Digital Twin Layer at the top illustrates several DTs of physical infrastructure within the smart grid. DTs are virtual replicas that simulate corresponding real-world assets’ behavior, operations, their data DTs interact and exchange information through a DTs Network (orange dashed lines). Each digital twin replicates a specific element of the smart grid, such as industrial systems, residential environments, or specialized facilities. The primary role of these DTs is to facilitate continuous monitoring, predictive maintenance, and optimization of grid operations. The DTs rely on real-time data to mirror physical systems accurately and help cross-verify data authenticity by leveraging ENF anchors as a security measure.

The Power Grid links all three locations to the central grid. This shared power grid means the ENF signal remains consistent across all locations. Any data manipulation through deepfake attacks would disturb the expected ENF pattern, which can be used to detect and mitigate the attack. The Data Network connects each location to the cloud, ensuring that operational data, ENF readings, and other relevant information are continuously transmitted for processing and validation. The cloud can use the operational information to cross-check data across locations to identify discrepancies. Finally, the DT Network connects the DTs in the top layer, allowing virtual models to interact and exchange information based on the data collected from physical systems. Using ENF as an anchor, these DTs can verify that the data they use for simulation and decision-making is genuine and free from manipulation.

3.2. Rationale of ANCHOR-Grid

The rationale of ANCHOR-Grid lies in the increasing complexity and interconnectivity of smart grid systems, where DT and data integrity, confidentiality, authenticity, and trust are paramount. In modern power grids, integrating DTs has become vital for monitoring, predicting, and optimizing grid performance. However, this digital transformation also brings new challenges in ensuring that the data flowing between physical components and their digital counterparts is authentic and untampered. Without robust verification mechanisms, malicious actors could inject false data streams or even generate deepfake data, leading to disruptions, compromised reliability, and even safety hazards in critical energy infrastructure. ANCHOR-Grid addresses these challenges by leveraging ENF signals as a real-world anchor, ensuring that data transmitted to DTs is genuinely from grid-connected sources and is intrinsically tied to real-time conditions.

Electric Network Frequency offers a unique, continuously fluctuating signal synchronized across the power grid, making it an ideal candidate for real-world authentication. Unlike conventional digital signatures or encryption schemes that depend on pre-shared cryptographic keys or trusted third parties, ENF signals are inherently shared across all grid-connected devices in real time. These fluctuations are unpredictable and difficult to forge without direct access to the grid, making ENF an ideal natural fingerprint for verifying the origin of data. By embedding ENF data into communications between physical devices and their DTs, ANCHOR-Grid provides a reliable, cost-effective, and tamper-resistant method for establishing authenticity, particularly beneficial in distributed smart grid systems requiring real-time responses and decentralized control.

ANCHOR-Grid also provides a means to address synchronization without reliance on traditional mechanisms such as GPS or external time servers, which are vulnerable to spoofing or jamming attacks [51]. The ENF value is naturally synchronized across the entire power grid, eliminating the need for additional synchronization hardware or infrastructure. The ANCHOR-Grid approach simplifies authentication, reduces deployment costs, and mitigates dependencies on external timing mechanisms. By using ENF as an environmental anchor, ANCHOR-Grid ensures that data is tied to real-world conditions and builds resilience against deepfake attacks and replay attacks, thus enhancing the robustness of the smart grid’s digital ecosystem. Incorporating ENF-based authentication into the smart grid provides a strong foundation for improving grid reliability, enabling secure integration of renewable energy sources, and supporting the next generation of digital grid management technologies.

3.3. ENF-based Authentication Module

The exponential growth of interconnected sensor networks in modern technological ecosystems urgently requires robust, lightweight authentication mechanisms. The ENF signatures as an environmental authentication method provide many advantages by leveraging its unique frequency fluctuations, consistent throughout the local interconnected grid [35]. Leveraging the sensors deployed for senior safety monitoring, including multimedia-based sensors like audio or video, can enable ENF embedding as part of the captured recording and provide location and temporal-based signatures. A dedicated ENF capture sensor can also be deployed without alternate sources, giving redundancy to the authentication framework.

Leveraging lightweight signal estimation algorithms like short-time Fourier transform and correlation coefficient for signal similarity, we establish an ENF authentication module for the data captured from independent sources simultaneously instant [37]. Although the ENF signal is accessible to external adversarial actors, combining the ENF signal and a unique device identifier enables an additional layer of security. Given this measure, remote manipulation of the sensor data becomes challenging due to the ENF signal’s location-based fluctuations and unique sensor device identifiers.

4. Security Monitoring for Smart Grid

Instead of a full-scale Metaverse, a task-oriented Microverse allows a more feasible paradigm to create a proof-of-concept prototype [52]. To validate the feasibility and effectiveness of our ANCHOR-Grid scheme, we conducted a case study in a Microverse-based IoSGT environment designed to monitor the security and robustness of a Microgrid.

4.1. ANCHOR-Grid Microverse

This paper explores the application of Unreal Engine 5 (UE5) to recreate a real-time monitoring environment for Microgrid DTs based on sensor data and attack events. The proposed approach utilizes powerful 3D modeling and visualization tools provided by UE5 to simulate a realistic and interactive representation of Microgrid infrastructure, incorporating dynamic data visualization, ENF-based authentication verification, and simulated attack scenarios. This paper details the implementation process, benefits, and results of using UE5 to provide an immersive, real-time digital representation of microgrid systems, focusing on security and resilience.

Real-time sensor data are integrated into the virtual environment using Blueprint Visual Scripting. The state of each component is dynamically updated based on sensor inputs such as temperature, voltage, and power usage. UE5’s integration capabilities allow for either real-time API calls to fetch sensor data or pre-recorded datasets to simulate sensor behavior. After processing the received data by the server, the result is visualized in UE5.

Figure 3 demonstrates the simulated smart grid scenario we designed that is embedded with multiple common elements such as a small local substation, solar panels, wind turbines, transmission lines, monitoring UAVs, and a small local factory. Leveraging the information of the facilities in the physical world and the real-time data collected by various sensors, the mentioned infrastructure of the smart grid is mirrored in this virtual space. As shown in Figure 3, the real-time management of the power grid and the UAV can be further integrated using the live data from sensors [53]. Meanwhile, the daily alarm report is generated by listing different scenarios such as trespassing, security, ENF, UAV-observed issues, etc. The details of the ENF alarm will also be collected and reported by illustrating the correlation between the ENF and ground truth.

4.2. Micorgrid Monitoring in Microverse

The Microverse environment provides a dynamic virtual space for simulating and managing smart grid components in real time. It allows DTs of physical assets to interact with grid operations’ physical and virtual representations. Monitoring a microgrid within the Microverse involves integrating DTs, real-time data streams, and sophisticated analytics to provide a comprehensive overview of microgrid performance. By implementing monitoring capabilities within the Microverse, operators can observe, optimize, and secure power generation, consumption, and distribution while maintaining grid stability and responding swiftly to anomalies or attacks.

4.2.1. Digital Twin Integration and Real-Time Data Acquisition

The first step in monitoring a microgrid in the Microverse involves the creation of DTs for all major microgrid components—such as solar panels, wind turbines, battery storage systems, and inverters. Each DT is a virtual representation that mirrors the state and operation of its physical counterpart in real time. Sensors on physical assets continuously measure operational parameters, such as voltage, current, temperature, power output, and energy storage levels. This data is transmitted to the Microverse, where updated DTs provide a near-instantaneous virtual representation of real-world conditions.

Real-time data acquisition is fundamental to the monitoring process. A data gateway or communication hub collects sensor data from microgrid components, processes it, and transmits it to the Microverse. Within the Microverse, the data is ingested into DTs, allowing operators to visually monitor system status through a user interface (UI). This UI offers an interactive, graphical dashboard displaying all key metrics. The data collected is further stored in a centralized database to enable detailed analysis, pattern recognition, and historical trend comparisons, which are crucial for understanding grid dynamics and enhancing predictive capabilities.

4.2.2. Operational Analysis and Real-Time Monitoring

Real-time monitoring in the Microverse allows the system to observe microgrid performance metrics and react promptly to operational issues. By continuously comparing live data from physical assets with pre-defined thresholds or setpoints, the system can detect performance deviations that indicate potential problems, such as overvoltage, equipment overload, or low battery levels. Suppose the monitoring system detects anomalies, such as a sudden drop in power output from a solar array or a battery malfunction. In that case, it can raise alerts, prompting operators to investigate and take corrective action.

Moreover, the Microverse environment allows for automated anomaly detection using machine learning models. Algorithms such as LSTM (Long Short-Term Memory) networks and autoencoders can be deployed within the Microverse to analyze incoming data streams from the microgrid DTs. These algorithms identify anomalies that may not be detectable using traditional threshold-based monitoring by learning standard behavior patterns and detecting deviations in real time. Such automated anomaly detection is beneficial for identifying early warning signs of faults, thereby preventing failures that could compromise the microgrid’s stability.

4.2.3. Security Monitoring and Attack Detection

Cybersecurity is an essential aspect of monitoring in the context of smart grids. The Microverse environment enables continuous security monitoring by integrating ENF signals as a real-world anchor for authenticating data between physical assets and DTs. The ANCHOR-Grid framework helps detect potential cyberattacks by embedding ENF-based signatures in the data packets. For instance, if an attacker tries to inject deepfake data into the grid, the Digital Twin can verify the ENF signature and detect inconsistencies, effectively identifying the attack.

Another critical aspect of security monitoring is network traffic analysis. The Microverse environment employs Intrusion Detection Systems (IDS) that analyze communication data between microgrid components and their DTs. These systems monitor for suspicious activities, such as unauthorized access attempts or strange data flows, and raise alerts if a potential attack is detected. Combining ENF-based signature verification with advanced network security monitoring, the Microverse ensures that microgrid operations are secure, reliable, and protected against cyber threats.

5. Experimental Study

5.1. Experimental Setup

Based on the proof-of-concept prototype system in the Microverse environment, we validated our ANCHOR-Grid framework’s feasibility in detecting and mitigating security threats. We developed multiple simulations to test different attack scenarios targeting the data flows between physical devices and their respective DTs. Deepfake data injection attacks involved introducing falsified sensor data into the grid, attempting to disrupt DT operations. To validate the authenticity of data packets, we introduced ANCHOR-Grid’s ENF-based signature mechanism.

5.1.1. Physical Testbed

The ENF extraction and security analysis testbed consists of two parts, which serve distinct but complementary purposes. The left printed circuit board (PCB) shown in Figure 4 is responsible for power regulation and signal conditioning, while the Raspberry Pi is the central processing and data extraction unit. Together, these two boards provide a system capable of extracting ENF data from the power grid and processing it for security purposes.

The left PCB performs two critical functions. First, the blue section generates a regulated 5V DC power supply from the input voltage, which is then used to power the Raspberry Pi on the right. This regulated power is vital for ensuring the stable operation of the Raspberry Pi, allowing it to process and extract ENF data effectively. The red section of the left PCB is responsible for stepping down and conditioning the voltage from the power grid. This reduced voltage signal is then fed into the audio input of the Raspberry Pi. This section aims to provide a safe, scaled-down version of the AC power grid frequency, which can be captured and analyzed by the Raspberry Pi. The reduced voltage ensures that the Raspberry Pi receives only a low-amplitude representation of the power grid frequency. This makes it suitable for ENF extraction without posing a risk to the equipment or operator. The Raspberry Pi, located on the right, serves as the central processing unit for the testbed. The audio input of the Raspberry Pi is used to capture the ENF signal, which represents variations in the power grid frequency. Once captured, the Raspberry Pi processes the streaming data to extract the ENF, which is used in the ANCHOR-Grid framework.

5.1.2. ENF-based Signature

The ANCHOR-Grid framework’s core is the use of ENF as an authentication anchor. The ENF signal fluctuates continuously based on grid conditions and provides a unique fingerprint for data packets originating within the power grid. To generate an ENF-based signature, we employed the following steps:

• Extracting ENF Data Window: A window of ENF data is extracted from the power grid. The specific security requirements determine the length of the window—typically, a 10-second window is used, during which the ENF value is sampled every second. This yields a sequence of ENF values, e.g., [60.01, 59.98, 60.02, 59.99, 59.97, ...].
• Normalizing the ENF Data: To prepare the data for signature generation, min-max normalization is applied to scale the ENF values between 0 and 1. This helps in maintaining consistency across different environments. For instance, if $mi{n}_{val}$ is 59.96 and $ma{x}_{val}$ is 60.03, each value in the sequence is normalized as:
• Smoothing the ENF Data: Given that ENF data can be noisy, a moving average technique is used to smooth the sequence. This removes minor fluctuations, making the resulting signature more robust. Using a 3-point moving average, the smoothed sequence might look like [0.428, 0.619, 0.524, ...].
• Hashing to Generate a Fixed-Length Signature: The smoothed ENF sequence is concatenated into a single string and then hashed using a cryptographic hash function, such as SHA-384, to generate a fixed-length ENF signature. This signature acts as a watermark that ties data to real-world conditions in the grid. For instance, the hash output might look like:
  $$\begin{gathered} ENFSignature="106eb0a4d3ce1da3828693ea6f364159a15c3bf3f637cb918ffe3db8e \\ 875b1948aff0ca9a1e6ce5cefc401a64302e3db" \end{gathered}$$
• Generating data packet structure with JSON format typically includes metadata such as packet ID, device ID, timestamp, and the data payload (e.g., sensor readings). The data packet structure is as follows:

  -

  Packet ID: A unique identifier, e.g., "P164205785600".

  -

  Device ID: The identifier for the originating device, e.g., "Device01".

  -

  Timestamp: When the packet was generated,

  e.g., "2024-11-11T12:30:45Z".

  -

  Data Payload: Sensor readings or measurements,

  e.g., {"temperature": 25.4, "power_usage": 12.5}.

  Once the data packet is generated, it is serialized to a JSON string and hashed using a cryptographic hash function, such as SHA-384, to produce a fixed-length message. Afterward, the ENF signature is combined with the hashed packet to form the final message. For the combination process, three approaches were followed:

  -

  Concatenation: Concatenate the two hashed values, deciding the order based on the timestamp. For example, if the timestamp is even, $Combine{d}_{H}ash=Hash1\left|\right|Hash2$; otherwise, $Combine{d}_{H}ash=Hash2\left|\right|Hash1$.

  -

  Interleaving: Use an empty list to store the combined result. Generate the message by iterating through each bit or byte of Hash1 and Hash2, appending them according to the interleaving rule determined by the timestamp. For example, if the timestamp is even, start by appending a byte from Hash1, followed by a byte from Hash2, and repeat.

  -

  Pseudorandom Number Generator (PRNG): SHA-384 produces a hash of 48 bytes (or 96 hexadecimal characters). First, we generate a seed number based on the milliseconds of the time we used in the packet to create 48 fixed random numbers within the range [0, 95]. These numbers are then used to place $Hash1$ and $Hash2$ into a 96-byte vector, which is subsequently sent to the server as a message.

  At first, we applied each approach independently. Then, to enhance the randomness of the $CombinedHash$, we employed a random combination sequence approach, utilizing different methods to create the message. This combination is derived from five approaches: two strategies for concatenation, two for interleaving, and one using the PRNG. One of these approaches is randomly selected (based on the seed number used in the PRNG) to generate the final message. Then, the final message is hashed and encapsulated in a JSON packet for transmission to the server.

After generating the final JSON message, AES-512 encryption was applied to the package to improve data security. Figure 5 illustrates how the ENF data is extracted, hashed, and combined with the message data. The body of the message contains the message data, which is as follows:

{

    "message":

    {

        "packet_id": "P164205785600",

        "device_id": "dev_102",

        "date_time": "2024-11-11T12:30:45Z"

        "data_payload": {

            "temperature": 25.4,

            "power_usage": 12.5

        }

        "enf_data": [60.01, 59.98, 60.02,

        59.99, 59.97, ...]

    }

  "signature": 8c7f1e1e606a22d3062f61d7f373

  6836ee46ab4b32f49fbaedfe29c21969c7b924507

  05e0a5643ae3aaae783cc3482d2

}

A timestamp is included in the packet to add another layer of security. This timestamp is key, ensuring that each packet is unique and time-bound. The timestamp’s inclusion makes it difficult for attackers to replicate packets, as they would need precise access to the ENF data at a specific time to generate the correct packet. The combination process, which can use concatenation, interleaving, or PRNG-based combination, is selected based on the timestamp as a key.

5.1.3. Evaluation Model

This study explores potential deepfake attacks on the ANCHOR-Grid framework, an authentication method for data packets originating from the power grid that uses ENF signals as an authentication anchor. We assume an attacker possesses detailed system knowledge, including public and private keys, but lacks information about the specific ENF signature embedded in each message. This paper outlines approaches to implement deepfake attacks targeting different stages of the authentication process and replay attacks that use previously captured ENF signatures, emphasizing generating convincing ENF signatures and examining the robustness of the signature-generation process. Tampering attacks, where specific packet attributes (such as single bytes, timestamps, or payloads) are altered, also effectively test the mechanism’s ability to detect integrity violations. Furthermore, noise injection attacks, which introduce random noise or jitter, can be used to assess the robustness of the generation and verification of ENF signatures. Finally, we evaluate the success rate of these fake attacks and their impact on the system’s reliability.

The evaluation model assumes an adversary attempting to bypass the authentication system using forged data packets. However, the primary focus is on assessing the success rate of the ENF-based authentication mechanism in distinguishing between legitimate and forged packets under different scenarios. Several attacks were used to examine the security algorithm’s performance in testing deepfake attacks. Application Programming Interfaces (APIs) were used to receive data from the client and store it on the server.

5.1.4. Methodology

A structured and repeatable evaluation methodology is essential for testing the performance of an ANCHOR-Grid defense mechanism. This methodology should encompass controlled experiments and, where feasible, simulations or real-world testing. A comprehensive testing approach helps ensure the defense mechanism is effective in diverse scenarios and performs well under varying conditions. Below, we outline key steps and considerations that guide this evaluation process.

• Step 1: Defining Clear Metrics and Objectives.

The first step in testing a defense mechanism is to define clear performance metrics and objectives. The metrics used to evaluate the effectiveness of the defense mechanism include detection rate, false positive rate (FPR), false negative rate (FNR), and overall accuracy. The detection rate measures the percentage of successfully identified attacks or anomalies, whereas the FPR captures the proportion of benign activities mistakenly flagged as attacks. These metrics provide insight into the defense mechanism’s sensitivity and specificity, which are crucial for understanding its reliability. Additional performance measures include precision and recall, which provide further details about classification accuracy. Precision refers to the proportion of true positives among all flagged instances, while recall measures the ability to identify all actual attacks.

• Step 2: Establishing a Baseline.

Before implementing the defense mechanism, it is critical to establish a baseline measurement of system performance without any defensive measures. Baseline measurements allow for an objective comparison of performance changes post-implementation. These baselines may include metrics such as average packet processing time, memory usage, and overall system throughput in the absence of any security interventions. By comparing the system’s behavior before and after the defense mechanism is introduced, it becomes easier to quantify the new mechanism’s actual impact.

• Step 3: Creating a Diverse Test Dataset.

A key aspect of performance testing is using a diverse and comprehensive test dataset. The dataset should include legitimate traffic and various attack scenarios to thoroughly test the defense mechanism’s capabilities. Legitimate traffic consists of standard data packets that have not been altered, which helps evaluate the system’s ability to distinguish between benign and malicious activities. For a more robust evaluation, diverse attack scenarios should be included. These may involve deepfake attacks, where modified data packets or ENF signatures mimic legitimate signals without originating from actual sources. The dataset should also vary in size and complexity, ranging from small datasets with just a few packets to large datasets. This allows the system’s scalability to be effectively evaluated. Complexity can be increased by varying the number of sensors, the variety of ENF signals, and environmental differences, providing a broader understanding of how well the defense mechanism performs in different contexts.

Generating a dataset of legitimate and altered packets requires following the specified rules. This data set creation process requires proper structuring of each component, from generating the ENF signature to crafting legitimate or forged packets, allowing for practical evaluation of the defense mechanism. This simulation aims to include correct and altered packets to evaluate the system’s ability to differentiate between them. The process starts with the generation of ENF data. Generated ENF data is crucial to simulate real-world scenarios the defense mechanism will encounter. We then normalize these data using Min-Max normalization, which scales the values between 0 and 1, ensuring uniformity before hashing. A moving average filter is applied to further refine the data to smooth out any abrupt variations and make the signature generation process more reliable.

Once the ENF data are normalized and smoothed, the next step is to generate a signature using a cryptographic hashing algorithm. In this case, the SHA-384 hashing function generates a unique ENF signature. This signature acts as the identity of the ENF data and is crucial for differentiating between legitimate and altered packets. Following this, data packets are created by combining the ENF signature with a hashed version of the actual message. This combination is essential to ensure the authenticity of the packet. The legitimate packets are created using the correct message hash and the ENF signature.

In contrast, the altered packets use a manipulated message, such as reversing the original message content before hashing. This alteration simulates an attacker trying to forge legitimate packets. The dataset is created in a structured format, with each packet accompanied by a label indicating whether it is legitimate or forged. The data set is then saved in a CSV file for further analysis. The ENF correlation approach is integrated into the testing phase to validate the client and server ENF data similarity. This ensures the defense mechanism can handle real-world noise and discrepancies effectively.

• Step 4: Performing Controlled Experiments.

Controlled experiments are an essential step in evaluating the defense mechanism’s performance. In a laboratory setting, known attacks can be injected at specified times, enabling precise measurement of how effectively and quickly the mechanism detects these threats. This type of experiment can also involve varying the volume and intensity of attacks, such as introducing a single altered packet rather than a large burst of modified packets. Repeating these experiments multiple times and averaging the results ensures statistical reliability and consistency.

A/B testing is another valuable tool for controlled experimentation. The effectiveness of the intervention can be demonstrated by comparing system performance with and without the defense mechanism under identical conditions. Stress and load testing further contribute to a complete assessment, as they evaluate how the defense mechanism scales when faced with increased traffic volume and attack frequency and determine the point at which the system may start to fail or experience significant slowdowns.

5.1.5. Evaluation

The evaluation process starts with the system receiving data from a client, which contains two critical components: Signature and Message. These components verify the authenticity of the received data by cross-checking both the ENF and the cryptographic signature derived from the message content. The Time parameter obtains the Server ENF, the ENF signature available on the server side for a specific time window. At the same time, the Client ENF is extracted from the data received from the client. This Client ENF is essentially the signature generated at the client side during the given time frame, using the ENF values that align with the time window of the data’s creation.

The next step involves generating a Calculated Signature from the Message. The message is processed using cryptographic hashing (SHA-384), resulting in a unique hash value, the Calculated Signature. This calculated value is critical for verifying the integrity of the received message by ensuring that the data has not been altered during transmission. The Client Signature, included in the received packet, must match this calculated value for the data to be considered genuine.

Once both the Server ENF and Client ENF are available, a correlation check is performed to determine the similarity between the server-side and client-side ENF data. Due to potential noise and variations during the ENF extraction process, the values may not be identical. Therefore, a threshold correlation value of 0.8 is established. If the correlation is more significant than 0.8, the server concludes that the client and server ENF data are sufficiently similar, allowing the system to proceed to the next validation step. However, if the correlation is below 0.8, the data is immediately flagged as fake since the ENF values are too different, indicating potential tampering or an attempted attack. Figure 6 shows the correlation process to detect legitimate and fake ENF.

After successfully passing the correlation check, the system compares the Client Signature (the hash signature provided by the client) with the Calculated Signature (derived from the message data at the server). If both signatures match, it confirms that the message has not been altered, and the data is validated further. On the other hand, if the signatures do not match, the data is labeled as Fake Data, signifying that the integrity of the message has been compromised.

The final step in the evaluation process involves combining the outcomes of the correlation check and the signature verification. If both conditions are satisfied—the ENF correlation exceeds 0.8, and the Client Signature matches the Calculated Signature—the data is classified as Valid Data. This indicates that the message is authentic, and its temporal signature (the ENF) and its integrity (the message signature) are intact. However, if either checks fails, the data is labeled as Fake, ensuring that only authentic and unaltered data is accepted.

This multi-layered approach provides a robust mechanism for verifying data authenticity by combining temporal correlation and message integrity checks. Using both ENF correlation and cryptographic signatures adds multiple layers of security, making it exceedingly difficult for attackers to forge data successfully without access to both the specific ENF values and the correct message signature. Thus, the system ensures the temporal alignment and integrity of data before marking it as valid. Figure 7 illustrates the evaluation process on the server side.

5.2. Experimental Results

5.2.1. Detection Rates and False Positives

To evaluate the detection capabilities and robustness of the ENF-based defense mechanism, a series of tests were conducted under various attack scenarios with varying levels of complexity and frequency, as shown in Figure 8. For deepfake attacks, the system was tested at low attack frequencies (one forged packet per 500 legitimate ones) and higher frequencies (one per 50). At lower frequencies, the mechanism achieved near-perfect detection (99.8%) with negligible false positives (0.2%), showcasing its sensitivity to sparse attack patterns. However, as the attack frequency increased, the false positive rate rose slightly to 1.5%, although the detection rate remained robust at 97.5% as shown in Table 1.

Replay attacks were evaluated with different time offsets to measure the system’s resistance to temporal manipulation. ENF signatures reused after a short delay (5 seconds) were more challenging to detect, resulting in a slightly lower detection rate of 94%. However, more prolonged delay attacks (120 seconds) were effectively mitigated, with a detection rate of 98.5%, highlighting the system’s temporal resilience. Tampered data packets were also tested, including scenarios where multiple bytes in the payload were modified. These tests consistently demonstrated perfect detection rates (100%), with no false positives. Random variations were introduced into the ENF data to assess the system’s robustness against noise. While minor noise levels (5%) had minimal impact on detection (96.5% rate), significant noise (20%) reduced accuracy to 88%, indicating the need for enhanced robustness under high-noise conditions.

5.2.2. Robustness Under Network Conditions

The defense mechanism’s performance was further evaluated under various simulated network conditions, including latency, packet loss, and jitter, illustrated in Figure 9. In low-latency environments (<5ms), the system exhibited near-perfect detection accuracy (99.9%) and minimal false positives (0.1%). As latency increased to 50ms and 200ms, detection rates slightly decreased to 98.5% and 95%, respectively, while false positives increased modestly, indicating some sensitivity to delayed network conditions.

Table 2 shows packet loss scenarios simulated real-world challenges in data transmission reliability. At 1% packet loss, the system maintained a high detection rate (98%) with minimal impact on latency and false positives. However, with 5% packet loss, detection accuracy dropped to 90%, and false positives increased to 3%, revealing limitations under significant data loss. The system’s resilience to timing variations was assessed through jitter simulations. Low jitter conditions had negligible impact, maintaining a detection rate of 97%. In contrast, high jitter significantly affected performance, reducing detection accuracy to 88% and increasing false positives to 4%. These results underscore the importance of optimizing the system for real-world network environments.

5.2.3. Comparison between ANCHOR-Grid and Existing Security Mechanisms

We have conducted a detailed comparison study between ANCHOR-Grid and existing security mechanisms. Table 4 summarizes the key features concerning modern ESS optimization and security approaches, such as Cryptographic Signatures, Threshold-Based Anomaly Detection, AES Encryption, Elliptic Curve Cryptography (ECC), and Intrusion Detection Systems (IDS), highlights significant differences in adaptability, robustness, scalability, and suitability for modern smart grid environments.

Table 3. Comparison of the existing ESS optimization methods.

Feature	ANCHOR-Grid Framework	Cryptographic Signatures [16]	Threshold-Based Anomaly Detection [18]	AES Encryption [20]	Elliptic Curve Cryptography (ECC) [9]	Intrusion Detection Systems (IDS) [25]
Core Authentication Method	Uses Electric Network Frequency (ENF) signals as environmental fingerprints.	Generates fixed-length signatures for data integrity.	Monitors specific parameters for anomalies.	Encrypts data payloads for confidentiality.	Provides secure key exchange and signing.	Detects attack patterns via traffic analysis.
Adaptability	Highly adaptable to dynamic, evolving threats like deepfake and replay attacks.	Static; vulnerable to replay and adaptive attacks.	Ineffective against crafted or evolving threats.	Focused on encryption, not adaptability.	Limited to predefined patterns.	Struggles with novel and adaptive threats.

Table 3. Comparison of the existing ESS optimization methods.

Feature	ANCHOR-Grid Framework	Cryptographic Signatures [16]	Threshold-Based Anomaly Detection [18]	AES Encryption [20]	Elliptic Curve Cryptography (ECC) [9]	Intrusion Detection Systems (IDS) [25]
Core Authentication Method	Uses Electric Network Frequency (ENF) signals as environmental fingerprints.	Generates fixed-length signatures for data integrity.	Monitors specific parameters for anomalies.	Encrypts data payloads for confidentiality.	Provides secure key exchange and signing.	Detects attack patterns via traffic analysis.
Adaptability	Highly adaptable to dynamic, evolving threats like deepfake and replay attacks.	Static; vulnerable to replay and adaptive attacks.	Ineffective against crafted or evolving threats.	Focused on encryption, not adaptability.	Limited to predefined patterns.	Struggles with novel and adaptive threats.

Core authentication methods for these mechanisms vary widely. ANCHOR-Grid uniquely uses ENF signals as real-world environmental fingerprints, embedding physical characteristics into the digital system. This approach inherently ties data authenticity to the physical state of the grid, offering a novel layer of security. In contrast, cryptographic signatures rely on hashing algorithms like SHA-384 to ensure data integrity, but they are static and lack adaptability. Threshold-Based Anomaly Detection focuses on predefined limits for parameters like voltage or frequency, while AES Encryption secures data payloads without addressing authenticity. ECC provides secure key exchange and signing capabilities but requires significant computational resources. IDS monitors network traffic patterns, but its effectiveness is limited to predefined attack signatures.

Regarding adaptability, ANCHOR-Grid outshines traditional mechanisms by dynamically authenticating data and adapting to evolving threats like deepfake and replay attacks. Conventional approaches are rigid and often fail against advanced threats. For example, Cryptographic Signatures and AES depend on static configurations, making them vulnerable to replay and adaptive attacks. Similarly, Threshold-Based Detection and IDS rely on predefined patterns or rules, which struggle to address novel cyber threats. Robustness Against Deepfake Attacks is a critical advantage of ANCHOR-Grid. By leveraging ENF signals, ANCHOR-Grid detects and differentiates between authentic and fake data streams, which is challenging for traditional methods. Cryptographic Signatures and AES Encryption are ineffective against deepfake attacks, as these mechanisms cannot detect manipulated data if the payload structure remains intact. IDS is also limited in handling mimicked legitimate behavior, making it less effective in addressing deepfake scenarios.

Replay Attack Resilience is another area where ANCHOR-Grid excels. By analyzing the temporal properties of ENF signals, it identifies reused data from different time frames, effectively mitigating replay attacks. In contrast, Cryptographic Signatures and ECC can implement timestamping but remain vulnerable to spoofing. AES and IDS lack inherent replay attack protection unless combined with external mechanisms. The noise resilience of ANCHOR-Grid is notable, as it maintains high detection accuracy (>85%) under moderate noise levels by filtering fluctuations in ENF signals. Traditional mechanisms like Threshold-Based Detection are highly susceptible to noise, which skews their predefined values, leading to false positives or missed anomalies. Although Cryptographic Signatures, AES, and ECC are unaffected by noise in their operation, they fail to address anomalies caused by environmental noise, while IDS may experience degraded detection in noisy conditions.

Regarding real-time detection, ANCHOR-Grid supports decentralized, lightweight, real-time authentication, which is ideal for distributed smart grid environments. Existing methods like Cryptographic Signatures and ECC are not designed for real-time responses. At the same time, Threshold-Based Detection and IDS provide real-time monitoring but lack ANCHOR-Grid’s adaptability and scalability. Scalability is another significant strength of ANCHOR-Grid. Its decentralized use of ENF signals allows it to scale seamlessly across large smart grid systems. In contrast, traditional mechanisms like ECC and IDS face scalability challenges due to key management and traffic analysis requirements. While Cryptographic Signatures and AES scale reasonably well, they still require centralized management for complex deployments.

Implementation complexity for ANCHOR-Grid is moderate, requiring ENF signal extraction, but it avoids the heavy cryptographic dependencies seen in ECC and IDS. Cryptographic Signatures and Threshold-Based Detection are simpler to implement but lack the effectiveness needed for modern threats. ECC and IDS, on the other hand, are more complex due to the need for cryptographic operations and extensive network monitoring. When integrated with IoT devices, ANCHOR-Grid’s lightweight ENF-based approach makes it an ideal choice, particularly for constrained devices in smart grid environments. Traditional mechanisms like Cryptographic Signatures and Threshold-Based Detection are compatible with IoT but lack dynamic protection. ECC and IDS are resource-intensive, limiting their practicality for IoT systems. Lastly, the primary limitations of these mechanisms reveal ANCHOR-Grid’s edge in modern applications. While ANCHOR-Grid is sensitive to extreme noise levels (>20%), which can reduce its accuracy, traditional methods struggle against adaptive and novel attacks. Cryptographic Signatures are vulnerable to replay and key theft, Threshold-Based Detection fails against sophisticated threats, and ECC and IDS are resource-heavy and less effective for IoT systems.

6. Conclusions

This study presents ANCHOR-Grid, a groundbreaking approach to securing smart grid digital twins (DTs) by leveraging Electric Network Frequency (ENF) signals as real-world anchors. As smart grids increasingly rely on digital twins for real-time monitoring, optimization, and predictive analysis, the risks associated with deepfake attacks and data manipulation grow correspondingly. ANCHOR-Grid addresses these challenges by embedding unique ENF-based environmental fingerprints within data streams, enabling robust differentiation between legitimate and falsified inputs. This approach ensures that the integrity, authenticity, and reliability of digital twins remain intact, even under sophisticated adversarial conditions. Through extensive simulations, ANCHOR-Grid demonstrated its capability to detect and mitigate various cyber threats, including deepfake and replay attacks, noise injection, and tampering. The framework’s ability to maintain a high detection rate, even under challenging conditions such as increased attack frequency or network latency, underscores its robustness and adaptability. Additionally, using ENF signals as a temporal and spatial fingerprint introduces a lightweight, cost-effective, and tamper-resistant layer of security, reducing dependence on traditional cryptographic or GPS-based methods that may be vulnerable to spoofing or other attacks.

Beyond its technical contributions, ANCHOR-Grid represents a paradigm shift in how physical and digital systems interact and authenticate within critical infrastructure. By anchoring digital twins to the fluctuating, real-world conditions of the physical grid, the framework bridges the gap between the physical and virtual realms, ensuring seamless integration and synchronization. This capability not only enhances the resilience of smart grid systems but also establishes a foundation for broader applications of environmental fingerprinting in other domains such as transportation, healthcare, and smart cities. The study also highlights important directions for future research. These include scaling the ANCHOR-Grid framework to accommodate larger and more complex infrastructures, integrating it with emerging technologies such as blockchain for decentralized security, and exploring its applicability in scenarios beyond smart grids.

Furthermore, improving its resilience to high environmental noise levels and developing more sophisticated anomaly detection algorithms can enhance its utility and robustness. ANCHOR-Grid exemplifies how real-world environmental signals can be harnessed to fortify digital ecosystems against evolving cyber threats. Its innovative design, validated by rigorous testing, not only safeguards smart grid operations but also sets a precedent for integrating real-world anchors into digital infrastructures. This research contributes significantly to advancing secure, trustworthy, and resilient digital twin systems, paving the way for safer, more reliable smart grid ecosystems in an increasingly interconnected era.