ED4GAP: Efficient Detection for GOOSE-Based Poisoning Attacks on IEC 61850 Substations

Atul Bohara, Jordi Ros-Giralt, Ghada Elbez, Alfonso Valdes, Klara Nahrstedt, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network- level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.

Original languageEnglish (US)
Title of host publication2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728161273
DOIs
StatePublished - Nov 11 2020
Event2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020 - Tempe, United States
Duration: Nov 11 2020Nov 13 2020

Publication series

Name2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020

Conference

Conference2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
Country/TerritoryUnited States
CityTempe
Period11/11/2011/13/20

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Energy Engineering and Power Technology
  • Electrical and Electronic Engineering
  • Control and Optimization

Fingerprint

Dive into the research topics of 'ED4GAP: Efficient Detection for GOOSE-Based Poisoning Attacks on IEC 61850 Substations'. Together they form a unique fingerprint.

Cite this