Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10492)

Abstract

Most of the world’s power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol’s three sub-protocols. In doing so, we consider the full state machine, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard’s intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols.

Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

Department of Computer Science, University of Oxford, Oxford, UK
