A Bandwidth-Efficient Secure Authentication Module for Smart Grid DNP3 Protocol

DNP3 is one of the oldest and most widely used communication protocols for the smart power grid, and it has been upgraded to DNP3 Secure Authentication (SA) to address the increasing security needs of power grid applications. In practice, however, this upgrade has been deployed only for critical operations because of its major overhead, while non-critical operations remain unprotected. With the ongoing transformation of the power grid, the underlying infrastructure is no longer isolated and needs to support a wide variety of applications. Consequently, this transformation requires applying DNP3-SA to all operations, whether they are critical or not. This requirement creates additional challenges, since the extra overhead on communication links reduces available network bandwidth, especially when the underlying infrastructure is legacy. Therefore, in this paper, we propose a revision of the DNP3-SA module to eliminate the bandwidth overhead concerns caused by security operations. Specifically, we introduce a new authentication module that uses dynamic key-generation schemes to support mutual authentication for DNP3 in 0-Round Trip Time (RTT) and provides replay-attack prevention. An evaluation on a realistic low-bandwidth wireless LoRa testbed shows that the proposed extensions improve the security of DNP3-SA while significantly decreasing the message overhead of the currently used authentication module. Thus, it is suitable for the ongoing power grid transformation and supports evolving security needs.
