
De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10707))


Abstract

Applications built on Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a standard-compliant implementation will actually meet the QoS the standard states. This paper proposes a framework for studying a protocol's QoS properties based on a queueing-network approach, which offers a number of advantages over state-machine or model-checking approaches.

The authors describe the framework as an instance of a network of M/M/1/K queues with the block-after-service discipline, which allows the analysis of probabilistic packet flows in valid protocol runs. The framework supports the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated with a tool that automates queue-network analysis, and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard by means of a de-synchronisation attack.
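The following is an added example, not code from the paper or its tool: a single M/M/1/K station of the kind the abstract's network is built from, used to show the mechanism behind the DoS and performance-degradation cases, namely that attacker traffic sharing a finite FIFO buffer raises both message loss and the fraction of messages that miss their delivery deadline. The arrival and service rates, the buffer size of 10 and the 4 ms budget are assumed for illustration only; the paper composes such stations into a blocking network, and its actual parameters are not on this page.

```python
import math


def mm1k_state_probs(lam, mu, K):
    """Steady-state probabilities p_0..p_K of an M/M/1/K queue.

    lam: Poisson arrival rate (messages/s), mu: exponential service rate,
    K: total capacity (waiting room plus the server). Arrivals that find
    K messages present are dropped, which is the loss a flood attack exploits.
    """
    if lam <= 0 or mu <= 0 or K < 1:
        raise ValueError("rates must be positive and K >= 1")
    rho = lam / mu
    if abs(rho - 1.0) < 1e-12:          # rho == 1: uniform over 0..K
        return [1.0 / (K + 1)] * (K + 1)
    p0 = (1.0 - rho) / (1.0 - rho ** (K + 1))
    return [p0 * rho ** n for n in range(K + 1)]


def erlang_tail(n, mu, t):
    """P(T > t) for T ~ Erlang(n, mu), i.e. P(Poisson(mu*t) <= n-1)."""
    x = mu * t
    return math.exp(-x) * sum(x ** k / math.factorial(k) for k in range(n))


def mm1k_metrics(lam, mu, K, deadline):
    """Loss, throughput, mean delay and deadline-miss fraction for one station."""
    probs = mm1k_state_probs(lam, mu, K)
    p_block = probs[K]
    lam_eff = lam * (1.0 - p_block)                  # admitted arrival rate
    mean_in_system = sum(n * p for n, p in enumerate(probs))
    mean_response = mean_in_system / lam_eff         # Little's law
    # PASTA: an admitted message finds n others with probability p_n/(1-p_K)
    # and then needs n+1 exponential service times (the residual service of
    # the message in progress is memoryless), so its response time is
    # Erlang(n+1, mu). Sum the tail beyond the deadline over all n < K.
    miss = sum(probs[n] / (1.0 - p_block) * erlang_tail(n + 1, mu, deadline)
               for n in range(K))
    return {"p_block": p_block, "throughput": lam_eff,
            "mean_response": mean_response, "deadline_miss": miss}


# Assumed scenario (not the paper's parameters): legitimate traffic of
# 200 msg/s at a device that serves 2000 msg/s with room for 10 messages,
# judged against a 4 ms budget. The attacker adds 2500 msg/s to the same
# FIFO, with no priority separation between attacker and legitimate traffic.
BASELINE = dict(lam=200.0, mu=2000.0, K=10, deadline=0.004)
ATTACK = dict(lam=200.0 + 2500.0, mu=2000.0, K=10, deadline=0.004)


def compare_scenarios():
    """Metrics for the two assumed scenarios, keyed by scenario name."""
    return {"baseline": mm1k_metrics(**BASELINE), "attack": mm1k_metrics(**ATTACK)}


if __name__ == "__main__":
    for name, m in compare_scenarios().items():
        print(f"{name:9s} loss={m['p_block']:.4f} "
              f"W={m['mean_response'] * 1e3:.2f} ms "
              f"miss(>4ms)={m['deadline_miss']:.3f}")
```

Two things worth noticing when running it. Even at the baseline load the deadline-miss fraction is small but non-zero, because exponential service has an unbounded tail: this is the sense in which a compliant implementation can still violate a stated QoS bound with some probability, and a queueing model makes that probability explicit where a state-machine model only sees valid and invalid runs. Under the injected load the station is overloaded (arrival rate above service rate), so the buffer sits near full, roughly a quarter of all messages are dropped and well over a third of the admitted legitimate messages arrive late; the paper's network model extends this reasoning across chained stations where a full downstream buffer blocks the upstream server.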


Acknowledgements

This work is supported by an EPSRC Academic Centres of Excellence in Cyber Security Research PhD grant. The authors would like to thank Joshua Robinson and Ela Kasprsky for their help in understanding some of the mathematical concepts used in this paper.

Author information


Correspondence to James G. Wright.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Wright, J.G., Wolthusen, S.D. (2018). De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol. In: D'Agostino, G., Scala, A. (eds) Critical Information Infrastructures Security. CRITIS 2017. Lecture Notes in Computer Science, vol 10707. Springer, Cham. https://doi.org/10.1007/978-3-319-99843-5_12


  • DOI: https://doi.org/10.1007/978-3-319-99843-5_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99842-8

  • Online ISBN: 978-3-319-99843-5
