Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5

Most of the world’s power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and addressed some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol’s three sub-protocols. In doing so, we consider the full state machine, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard’s intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols.
