Presentation transcript:

Goals

The DNP3 protocol is widely used in electrical power systems as a means of communicating observed sensor state information back to a control center. We show a simple but effective attack to block legitimate traffic by overflowing the event buffer inside a data aggregator, and investigate the attack by:

- Using a packet-based network simulation of the attack
- A Discrete Time Markov Chain (DTMC) model for understanding conditions under which the attack’s behavior
- Implementing the attack using real SCADA system hardware and software in the TCIPG lab, to validate the models

Research Results

- Implemented the buffer overflow attack in the SEL3351 data aggregator. The data aggregator periodically polls two slave devices. The compromised slave sends overly many false alerts via unsolicited response and successfully blocks the other device’s alert event. To conduct the same test cases on SEL1102 and SEL3354 once they are in the TCIPG labs.
- Developed a full-stack DNP3 protocol running on top of both TCP and UDP in a discrete-event simulator, PacketSim. The DNP3 protocol is composed of a master service and an outstation service. SCADA devices such as control station, data aggregator and relay are represented as entities. Each entity has a master service or an outstation service or both. The DNP3 protocol in PacketSim currently supports the following actions:
  - A master device periodically polls the connected outstations.
  - An outstation sends unsolicited responses to its master.
  - A master sends a control command to an outstation, such as trip/close a relay.

Broader Impact

- Raise awareness of the existence of a very simple and effective flooding attack on real SCADA devices
- Provide a simulation platform for assessing security vulnerabilities and proposed countermeasures in a realistic large-scale setting

Fundamental Questions/Challenges

- How can an attacker effectively block the awareness in a typical SCADA network with DNP3 by utilizing a compromised low-end slave device?
- When is the buffer overflow attack an actual attack?
- Can it be applied to many real devices?
- What are the countermeasures?
- How do we approach experimental design in the “security for power grid context”?
- What are the metrics?
- How best do we explore the design space?

Research Plan

- Configure the real SCADA devices testbed in the TCIPG lab to form a typical architecture using DNP3 with a two level hierarchy, where a data aggregator device receives observation state from field devices, and the control center obtains the aggregated state from the data aggregator
- Develop programs to send user-controlled unsolicited responses to the data aggregator
- Flood data aggregators with unsolicited responses in order to overflow the event buffer, and therefore block the pending alerts from normal field devices. The unsolicited response varies from one data point of a single type to a group of data points of multiple types.
- Develop an analytical model using DTMC and queueing theory
- Develop a Möbius model and evaluate reward functions such as the rate at which legitimate alerts are lost, and the delay of alerts that survive the attack
- Develop a simulation model in a packet-based network simulator, and evaluate its accuracy and performance at large scale
Interaction with Other Projects

- Leverage PowerWorld for importing realistic power data
- Construct and numerically evaluate models using Möbius

Future Efforts

- Assess security vulnerabilities in DNP3 protocol and DNP3 devices by utilizing the following tools:
  - Mu Dynamics 8000 (Fuzz Testing)
  - Triangle Microworks test harness (Emulation)
  - PacketSim (Simulation)
- Evaluate the DNP3 Security Authentication (DNP3 SA) protocol in terms of security and performance
- Further efforts developing SCADA protocols and devices models in large-scale network simulator

Trustworthy Cyber Infrastructure for the Power Grid
University of Illinois, Dartmouth College, Cornell University, UC Davis, Washington State University

An Alert Buffer Overflow Attack in DNP3 Controlled SCADA Systems
Kevin Jin and David Nicol

[Figure: Typical SCADA architectures using DNP3 with a two level hierarchy (Relay, Data Aggregator, Control Station)]

[Figure: attack model with Attacker, Normal Relay, Data Aggregator and Control Station. Labels: μ, Control Station Polling Rate, λ1, Flooding Rate, λ2, Data Aggregator Polling Rate]
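
The research plan calls for a DTMC model and for metrics such as the rate at which legitimate alerts are lost. The following is an added example, not the poster's model or code: a slotted DTMC of one shared event buffer in the data aggregator, used to estimate alert loss and to size the buffer. Assumptions: each time slot carries at most one event (a legitimate alert, a flood event, or a control-station poll), a poll empties the buffer, and the names `p_alert`, `p_flood`, `p_poll` and all numeric values are hypothetical.

```python
import math

def step(pi, a, q):
    """Advance the buffer-occupancy distribution by one time slot."""
    B = len(pi) - 1
    new = [(1.0 - a - q) * x for x in pi]  # idle slot: occupancy unchanged
    new[0] += q * sum(pi)                  # poll reads out and empties the buffer
    for n in range(B):
        new[n + 1] += a * pi[n]            # event stored in a free slot
    new[B] += a * pi[B]                    # buffer full: the event is dropped
    return new

def stationary(B, p_alert, p_flood, p_poll):
    """Stationary occupancy of a B-slot buffer shared by both event sources."""
    a = p_alert + p_flood
    if B < 1 or p_poll <= 0 or a + p_poll > 1.0:
        raise ValueError("need B >= 1, p_poll > 0, p_alert + p_flood + p_poll <= 1")
    pi = [1.0] + [0.0] * B                 # start from an empty buffer
    # Every poll resets the chain, so the error shrinks like (1 - p_poll)**t.
    for _ in range(math.ceil(50 / p_poll)):
        pi = step(pi, a, p_poll)
    return pi

def alert_loss(B, p_alert, p_flood, p_poll):
    """Probability that a legitimate alert finds the buffer full and is lost."""
    return stationary(B, p_alert, p_flood, p_poll)[B]

def min_buffer(target, p_alert, p_flood, p_poll, limit=500):
    """Smallest buffer size keeping alert loss <= target, or None if above limit."""
    for B in range(1, limit + 1):
        if alert_loss(B, p_alert, p_flood, p_poll) <= target:
            return B
    return None

if __name__ == "__main__":
    P_ALERT, P_POLL, B = 0.01, 0.05, 10    # constructed values, not measurements
    for p_flood in (0.0, 0.1, 0.5):
        loss = alert_loss(B, P_ALERT, p_flood, P_POLL)
        need = min_buffer(0.01, P_ALERT, p_flood, P_POLL)
        print(f"flood={p_flood:.2f}  loss={loss:.3e}  buffer for <=1% loss: {need}")
```

For this chain the loss probability reduces to (a / (a + q))^B with a = p_alert + p_flood and q = p_poll, which the numerical result matches; it shows why a larger buffer alone is a weak defence once the flood rate dominates the polling rate.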