Abstract
The ISO/IEC 61850 protocol for substation automation is a key component for the safe and efficient operation of smart grids and offers a substantial range of functions. While extension standards, particularly ISO/IEC 62351, provide further security controls, the baseline protocol itself offers the assurances of access control and availability. In this paper, a systematic study of selected aspects of the basic ISO/IEC 61850 protocol demonstrates that protocol-level vulnerabilities exist. The main finding is a credential interception attack that allows an adversary without credentials to hijack a session during an initial association; the feasibility of this attack is proven using a formal language representation. A second attack, a workflow amplification attack, relies on the assumptions in the protocol's substation event model; it is independent of layered security controls and depends only on the protocol's communication patterns.
Acknowledgement
This work is supported by an EPSRC Academic Centres of Excellence in Cyber Security Research PhD grant.
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Wright, J.G., Wolthusen, S.D. (2017). Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science, vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_20
DOI: https://doi.org/10.1007/978-3-319-71368-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer Science, Computer Science (R0)