Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol. / Baiocco, Alessio; Wolthusen, Stephen.

Proceedings of the 2018 IEEE PES General Meeting. IEEE Press, 2018. p. 1-5.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Published


Harvard

Baiocco, A & Wolthusen, S 2018, Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol. in Proceedings of the 2018 IEEE PES General Meeting. IEEE Press, pp. 1-5. https://doi.org/10.1109/PESGM.2018.8586010

APA

Baiocco, A., & Wolthusen, S. (2018). Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol. In Proceedings of the 2018 IEEE PES General Meeting (pp. 1-5). IEEE Press. https://doi.org/10.1109/PESGM.2018.8586010

Vancouver

Baiocco A, Wolthusen S. Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol. In Proceedings of the 2018 IEEE PES General Meeting. IEEE Press. 2018. p. 1-5 https://doi.org/10.1109/PESGM.2018.8586010

Author

Baiocco, Alessio ; Wolthusen, Stephen. / Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol. Proceedings of the 2018 IEEE PES General Meeting. IEEE Press, 2018. pp. 1-5

BibTeX

@inproceedings{85a828be378540ec8b0631fb06983893,
title = "Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol",
abstract = "The ISO/IEC 60870-5-104 standard for sending telecontrol messages first published in 2000 does not include security features, although the ISO/IEC 62351 standard adds features such as integrity protection and authentication even if this is not yet widely used. However, in this paper we argue that even in the presence of such security extensions, it is still possible to realise attacks by subverting the temporal relation between APDUs which implementations assume to be correct. To this end we have investigated attacks against the Network Time Protocol (NTP) used for clock synchronisation in most implementations and demonstrate that Master and Slave entities or other entities including intrusion detection sensors can be made to obtain messages with different time-stamps. This can lead to the assumption of causality reversal and will affect both control loops and process reconstruction by auditing, monitoring, and intrusion detection system. We demonstrate these results analytically and in a scenario based on a simulation framework allowing the study of different topologies and their varying effects on the visibility of messages and time synchronisation before proposing a mitigation mechanism.",
author = "Alessio Baiocco and Stephen Wolthusen",
year = "2018",
month = "12",
day = "24",
doi = "10.1109/PESGM.2018.8586010",
language = "English",
pages = "1--5",
booktitle = "Proceedings of the 2018 IEEE PES General Meeting",
publisher = "IEEE Press",

}

RIS

TY - GEN

T1 - Causality Re-Ordering Attacks on the IEC 60870-5-104 Protocol

AU - Baiocco, Alessio

AU - Wolthusen, Stephen

PY - 2018/12/24

Y1 - 2018/12/24

N2 - The ISO/IEC 60870-5-104 standard for sending telecontrol messages first published in 2000 does not include security features, although the ISO/IEC 62351 standard adds features such as integrity protection and authentication even if this is not yet widely used. However, in this paper we argue that even in the presence of such security extensions, it is still possible to realise attacks by subverting the temporal relation between APDUs which implementations assume to be correct. To this end we have investigated attacks against the Network Time Protocol (NTP) used for clock synchronisation in most implementations and demonstrate that Master and Slave entities or other entities including intrusion detection sensors can be made to obtain messages with different time-stamps. This can lead to the assumption of causality reversal and will affect both control loops and process reconstruction by auditing, monitoring, and intrusion detection system. We demonstrate these results analytically and in a scenario based on a simulation framework allowing the study of different topologies and their varying effects on the visibility of messages and time synchronisation before proposing a mitigation mechanism.

AB - The ISO/IEC 60870-5-104 standard for sending telecontrol messages first published in 2000 does not include security features, although the ISO/IEC 62351 standard adds features such as integrity protection and authentication even if this is not yet widely used. However, in this paper we argue that even in the presence of such security extensions, it is still possible to realise attacks by subverting the temporal relation between APDUs which implementations assume to be correct. To this end we have investigated attacks against the Network Time Protocol (NTP) used for clock synchronisation in most implementations and demonstrate that Master and Slave entities or other entities including intrusion detection sensors can be made to obtain messages with different time-stamps. This can lead to the assumption of causality reversal and will affect both control loops and process reconstruction by auditing, monitoring, and intrusion detection system. We demonstrate these results analytically and in a scenario based on a simulation framework allowing the study of different topologies and their varying effects on the visibility of messages and time synchronisation before proposing a mitigation mechanism.

U2 - 10.1109/PESGM.2018.8586010

DO - 10.1109/PESGM.2018.8586010

M3 - Conference contribution

SP - 1

EP - 5

BT - Proceedings of the 2018 IEEE PES General Meeting

PB - IEEE Press

ER -