Stealthy Injection Attacks Against IEC61850's GOOSE Messaging Service

IEC61850 and IEC62351 combined provide a set of security promises for the communications channels that are used to run a substation automation system (SAS), that use IEC61850 based technologies. However, one area that is largely untouched by these security promises is the generic object oriented substation events (GOOSE) messaging service. GOOSE is designed to multicast commands and data across a substation within hard real time quality of service (QoS) requirements. This means that GOOSE is unable to implement the required security technologies as the added latency to any message would violate the QoS.

[1]  Ahmed Eltom,et al.  Transformer Load Tap Changer control using IEC 61850 GOOSE messaging , 2013, 2013 IEEE Power & Energy Society General Meeting.

[2]  Mohamad El Hariri,et al.  On the Implementation of the IEC 61850 Standard: Will Different Manufacturer Devices Behave Similarly under Identical Conditions? , 2016 .

[3]  Stephen D. Wolthusen,et al.  Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol , 2016, CRITIS.

[4]  Yannis C. Stamatiou,et al.  A Queuing Theory Based Model for Studying Intrusion Evolution and Elimination in Computer Networks , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[5]  Zhang Li,et al.  A SIP DoS flooding attack defense mechanism based on priority class queue , 2010, 2010 IEEE International Conference on Wireless Communications, Networking and Information Security.

[6]  Carl Kriger,et al.  A Detailed Analysis of the GOOSE Message Structure in an IEC 61850 Standard-Based Substation Automation System , 2013, Int. J. Comput. Commun. Control.

[7]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[8]  Claudia Eckert,et al.  Novel weaknesses in IEC 62351 protected Smart Grid control systems , 2016, 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[9]  Ejaz Ahmed,et al.  Poisoned GOOSE: Exploiting the GOOSE Protocol , 2014, AISC.

[10]  Timothy X. Brown,et al.  Exploiting the GOOSE protocol: A practical attack on cyber-infrastructure , 2012, 2012 IEEE Globecom Workshops.

[11]  Al-Sakib Khan Pathan,et al.  Securing Cyber-Physical Systems , 2015 .

[12]  Mostafa Ammar,et al.  Security issues and solutions in multicast content distribution: a survey , 2003 .

[13]  Yuguang Fang,et al.  A queueing analysis for the denial of service (DoS) attacks in computer networks , 2007, Comput. Networks.