Abstract
The ISO/IEC 60870-5-104 standard for sending telecontrol messages, first published in 2000, does not include security features, although the ISO/IEC 62351 standard adds features such as integrity protection and authentication, even if these are not yet widely used. However, in this paper we argue that even in the presence of such security extensions, it is still possible to realise attacks by subverting the temporal relation between APDUs which implementations assume to be correct. To this end we have investigated attacks against the Network Time Protocol (NTP) used for clock synchronisation in most implementations and demonstrate that Master and Slave entities, or other entities including intrusion detection sensors, can be made to obtain messages with different time-stamps. This can lead to the assumption of causality reversal and will affect both control loops and process reconstruction by auditing, monitoring, and intrusion detection systems. We demonstrate these results analytically and in a scenario based on a simulation framework allowing the study of different topologies and their varying effects on the visibility of messages and time synchronisation, before proposing a mitigation mechanism.
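The causality-reversal effect the abstract describes can be checked for from the defender's side: IEC 60870-5-104 I-format APDUs carry a 15-bit send sequence number N(S) that is monotonic per connection, so an observer whose clock has been stepped by NTP will see later N(S) values time-stamped before earlier ones, and two observers of the same connection (e.g. the Master and an IDS sensor) will disagree on the offset only for the affected APDUs. The following is an added illustrative consistency check, not code from the paper or its mitigation mechanism; it assumes observations are `(timestamp_seconds, n_s)` tuples and uses constructed sample views in which the sensor's clock is stepped back by 2.3 s after the third APDU.

```python
"""Consistency checks over time-stamped IEC 60870-5-104 I-format APDU observations."""
from statistics import median

SEQ_MOD = 1 << 15  # N(S) is a 15-bit counter and wraps at 32768


def seq_after(a, b):
    """True if N(S) b follows a, allowing for wrap-around of the 15-bit counter."""
    return 0 < (b - a) % SEQ_MOD < SEQ_MOD // 2


def order_inversions(observations):
    """observations: list of (timestamp, n_s) as seen by ONE observer.
    Returns (earlier_seq, later_seq) pairs where time order contradicts N(S) order,
    i.e. the observer's clock makes a later APDU appear to precede an earlier one."""
    by_time = sorted(observations)
    return [(s_prev, s_next)
            for (_, s_prev), (_, s_next) in zip(by_time, by_time[1:])
            if not seq_after(s_prev, s_next)]


def _offsets(view_a, view_b):
    """Per-APDU timestamp difference (b - a) for APDUs both observers saw, matched by N(S)."""
    ts_a = {s: t for t, s in view_a}
    return [(s, t - ts_a[s]) for t, s in view_b if s in ts_a]


def clock_offset(view_a, view_b):
    """Median offset between the two observers' clocks; robust to a few stepped APDUs."""
    diffs = [d for _, d in _offsets(view_a, view_b)]
    return median(diffs) if diffs else None


def stepped_apdus(view_a, view_b, tol=0.1):
    """N(S) values whose cross-observer offset deviates from the median by more than tol
    seconds: these are the APDUs whose time-stamps one observer received after a clock step."""
    base = clock_offset(view_a, view_b)
    return [s for s, d in _offsets(view_a, view_b) if abs(d - base) > tol]


# Constructed sample data (not from the paper): Master view with a sane clock, and an
# IDS sensor view whose clock is stepped back 2.3 s between N(S)=3 and N(S)=4.
MASTER_VIEW = [(100.0, 1), (100.5, 2), (101.0, 3), (101.5, 4), (102.0, 5)]
SENSOR_VIEW = [(100.02, 1), (100.52, 2), (101.02, 3), (99.22, 4), (99.72, 5)]

if __name__ == "__main__":
    print("sensor inversions:", order_inversions(SENSOR_VIEW))   # [(5, 1)]
    print("stepped APDUs:", stepped_apdus(MASTER_VIEW, SENSOR_VIEW))  # [4, 5]
```

A single inversion inside one view is enough to invalidate any process reconstruction that orders events by wall-clock time alone; ordering by N(S) and treating the wall clock as untrusted metadata is the cheaper fix.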
Original language | English |
---|---|
Title of host publication | Proceedings of the 2018 IEEE PES General Meeting |
Publisher | IEEE Press |
Pages | 1-5 |
Number of pages | 5 |
ISBN (Electronic) | 978-1-5386-7703-2 |
DOIs | |
Publication status | Published - 24 Dec 2018 |