TY - GEN
T1 - ED4GAP
T2 - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
AU - Bohara, Atul
AU - Ros-Giralt, Jordi
AU - Elbez, Ghada
AU - Valdes, Alfonso
AU - Nahrstedt, Klara
AU - Sanders, William H.
N1 - Funding Information:
The authors would like to thank the anonymous reviewers for their helpful comments, and Jenny Applequist for her editorial assistance. This material is based upon work supported in part by the Department of Energy under Award Number DE-OE0000780 and in part by Helmholtz Programm Energieeffizienz, Materialien und Ressourcen (34.15.01), Kastel BMBF Projekt Sicherheit kritischer Infrastrukturen, BMBF Energiesystem 2050 and the Karlsruhe House of Young Scientists. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/11/11
Y1 - 2020/11/11
N2 - Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network-level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.
AB - Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network-level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.
UR - http://www.scopus.com/inward/record.url?scp=85099451895&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099451895&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm47815.2020.9303015
DO - 10.1109/SmartGridComm47815.2020.9303015
M3 - Conference contribution
AN - SCOPUS:85099451895
T3 - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
BT - 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 November 2020 through 13 November 2020
ER -