De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks : Attacking the ISO/IEC 61850 Substation Automation Protocol. / Wright, James; Wolthusen, Stephen.

Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017). Springer-Verlag, 2018. p. 131-143 (Lecture Notes in Computer Science; Vol. 10707).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks : Attacking the ISO/IEC 61850 Substation Automation Protocol. / Wright, James; Wolthusen, Stephen.

Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017). Springer-Verlag, 2018. p. 131-143 (Lecture Notes in Computer Science; Vol. 10707).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Wright, J & Wolthusen, S 2018, De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol. in Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017). Lecture Notes in Computer Science, vol. 10707, Springer-Verlag, pp. 131-143. https://doi.org/10.1007/978-3-319-99843-5_12

APA

Wright, J., & Wolthusen, S. (2018). De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol. In Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017) (pp. 131-143). (Lecture Notes in Computer Science; Vol. 10707). Springer-Verlag. https://doi.org/10.1007/978-3-319-99843-5_12

Vancouver

Wright J, Wolthusen S. De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol. In Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017). Springer-Verlag. 2018. p. 131-143. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-99843-5_12

Author

Wright, James ; Wolthusen, Stephen. / De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks : Attacking the ISO/IEC 61850 Substation Automation Protocol. Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017). Springer-Verlag, 2018. pp. 131-143 (Lecture Notes in Computer Science).

BibTeX

@inproceedings{7580e2dff7ea4bda8da32dc1b54527fa,
title = "De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol",
abstract = "Applications for developed Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS in the standard. This paper proposes a framework for studying a protocol{\textquoteright}s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches. The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline to allow for the analysis of probabilisticpacket flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.",
keywords = "Queue Networks, ISO/IEC 61850, Quality of Service, Protocol Analysis, De-synchronisation Attack",
author = "James Wright and Stephen Wolthusen",
year = "2018",
month = sep,
day = "9",
doi = "10.1007/978-3-319-99843-5_12",
language = "English",
isbn = "978-3-319-99842-8",
series = "Lecture Notes in Computer Science",
publisher = "Springer-Verlag",
pages = "131--143",
booktitle = "Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017)",

}

RIS

TY - GEN

T1 - De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks

T2 - Attacking the ISO/IEC 61850 Substation Automation Protocol

AU - Wright, James

AU - Wolthusen, Stephen

PY - 2018/9/9

Y1 - 2018/9/9

N2 - Applications for developed Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS in the standard. This paper proposes a framework for studying a protocol’s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches. The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline to allow for the analysis of probabilisticpacket flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.

AB - Applications for developed Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS in the standard. This paper proposes a framework for studying a protocol’s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches. The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline to allow for the analysis of probabilisticpacket flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.

KW - Queue Networks, ISO/IEC 61850, Quality of Service, Protocol Analysis, De-synchronisation Attack

U2 - 10.1007/978-3-319-99843-5_12

DO - 10.1007/978-3-319-99843-5_12

M3 - Conference contribution

SN - 978-3-319-99842-8

T3 - Lecture Notes in Computer Science

SP - 131

EP - 143

BT - Proceedings of the 12th International Conference on Critical Information Infrastructures Security (CRITIS 2017)

PB - Springer-Verlag

ER -