
Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol

Conference paper. Published in: Critical Information Infrastructures Security (CRITIS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10242))

Abstract

The ISO/IEC 61850 protocol for substation automation is a key component for the safe and efficient operation of smart grids and offers a substantial range of functions. While extension standards, particularly ISO/IEC 62351, provide further security controls, the baseline protocol itself offers the assurances of access control and availability. In this paper a systematic study of selected aspects of the basic ISO/IEC 61850 protocol demonstrates that protocol-level vulnerabilities exist. The main finding is a credential interception attack that allows an adversary without credentials to hijack a session during an initial association; the feasibility of this attack is proven using a formal language representation. A second attack, a workflow amplification attack, relies on the assumptions in the protocol's substation event model; it is independent of layered security controls and depends only on the protocol's communication patterns.



Acknowledgement

This work is supported by an EPSRC Academic Centres of Excellence in Cyber Security Research PhD grant.

Author information

Corresponding author: Stephen D. Wolthusen.

Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Wright, J.G., Wolthusen, S.D. (2017). Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science(), vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_20

  • DOI: https://doi.org/10.1007/978-3-319-71368-7_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71367-0

  • Online ISBN: 978-3-319-71368-7

  • eBook Packages: Computer Science (R0)
