Stealthy Injection Attacks Against IEC61850’s GOOSE Messaging Service. / Wright, James; Wolthusen, Stephen.

Proceedings of the 2018 IEEE PES Innovative Smart Grid Technologies Conference Europe. IEEE Press, 2018. p. 1-6.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Forthcoming

Abstract

IEC61850 and IEC62351 combined provide a set of security promises for the communications channels that are used to run a substation automation system (SAS) that uses IEC61850-based technologies. However, one area that is largely untouched by these security promises is the generic object oriented substation events (GOOSE) messaging service. GOOSE is designed to multicast commands and data across a substation within hard real-time quality of service (QoS) requirements. This means that GOOSE is unable to implement the required security technologies, as the added latency to any message would violate the QoS.

The focus of the security research into the GOOSE messaging service has been on how it can be used to undermine IEC61850’s security promise of availability, but these attacks will be detected in time. Given GOOSE’s lack of security, it is likely that the messaging service will be used to propagate a small number of messages to force the SAS to perform undesired actions, whilst avoiding undermining availability. It appears none of the analysis into GOOSE’s security has considered this.

This analysis looks to find the minimum parameters that an adversary would have to fulfil, and the probability of success, to inject a single malicious message into an intelligent electronic device (IED). This work develops a model for calculating the likelihood a malicious message will be successfully injected given a rate of message injection, using a single M/M/1/K queue. It then uses this model to test the effectiveness of various countermeasures, such as a message buffer, rate limiting, a threshold of the number of malicious messages in the required for detection, and stringent enforcement of the QoS requirements.

Original language: English
Title of host publication: Proceedings of the 2018 IEEE PES Innovative Smart Grid Technologies Conference Europe
Publisher: IEEE Press
Pages: 1-6
Number of pages: 6
State: Accepted/In press - 21 May 2018

This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 30326114