TY - GEN
T1 - ED4GAP
T2 - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
AU - Bohara, Atul
AU - Ros-Giralt, Jordi
AU - Elbez, Ghada
AU - Valdes, Alfonso
AU - Nahrstedt, Klara
AU - Sanders, William H.
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/11/11
Y1 - 2020/11/11
N2 - Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network-level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.
AB - Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network-level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.
UR - http://www.scopus.com/inward/record.url?scp=85099451895&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099451895&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm47815.2020.9303015
DO - 10.1109/SmartGridComm47815.2020.9303015
M3 - Conference contribution
AN - SCOPUS:85099451895
T3 - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
BT - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 November 2020 through 13 November 2020
ER -