De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol

James Wright, Stephen Wolthusen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

153 Downloads (Pure)


Applications for developed Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS in the standard. This paper proposes a framework for studying a protocol’s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches. The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline to allow for the analysis of probabilistic
packet flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.
Original languageEnglish
Title of host publicationProceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017)
Number of pages13
ISBN (Electronic)978-3-319-99843-5
ISBN (Print)978-3-319-99842-8
Publication statusPublished - 9 Sept 2018

Publication series

NameLecture Notes in Computer Science


  • Queue Networks, ISO/IEC 61850, Quality of Service, Protocol Analysis, De-synchronisation Attack

Cite this