학술논문
ED4GAP: Efficient Detection for GOOSE-Based Poisoning Attacks on IEC 61850 Substations
Document Type
Conference
Author
Source
2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), 2020 IEEE International Conference on. :1-7 Nov, 2020
Subject
Language
Abstract
Devices in IEC 61850 substations use the generic object-oriented substation events (GOOSE) protocol to exchange protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. An adversary with access to the substation network can inject carefully crafted messages to impact the grid's availability. One of the most common such attacks, GOOSE-based poisoning, modifies the StNum and SqNum fields in the protocol data unit to take over GOOSE publications. We present ED4GAP, a network- level system for efficient detection of the poisoning attacks. We define a finite state machine model for network communication concerning the attacks. Guided by the model, ED4GAP analyzes network traffic out-of-band and detects attacks in real-time. We implement a prototype of the system and evaluate its detection accuracy. We provide a systematic approach to assessing bottlenecks, improving performance, and demonstrating that ED4GAP has low overhead and meets GOOSE's timing constraints.