Simulation of Man in the Middle Attack On Smart Grid Testbed

Fritz, Jared J.; Sagisi, Joseph; James, J.R.; Leger, Aaron St.; King, Kyle; Duncan, Kate J.

doi:10.1109/southeastcon42311.2019.9020426

“…Authors in [1] present a MiTM attack on PMUs and PDCs by generating IEEE C37.118 packets using Wireshark. The use of Wireshark for creating a MiTM attack is unrealistic because it adds latency to the system that can be easily detected.…”

Section: Related Workmentioning

confidence: 99%

“…The integration of information technology (IT) with industrial control systems (ICS) has revolutionized smart control of critical infrastructure systems such as energy, water, chemical, and transportation. Fast and accurate remote data collection and processing are helping to automate and optimize these sectors [1]. Initially, the integration of IT (cyber) and ICS (physical) systems focused on utility rather than data security.…”

Section: Introductionmentioning

confidence: 99%

Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed

Wlazlo

¹

,

Sahu

²

,

Mao

³

et al. 2021

IET Cyber-Phy Sys Theory & Ap

View full text Add to dashboard Cite

Man-in-The-Middle (MiTM) attacks present numerous threats to a smart grid. In a MiTM attack, an intruder embeds itself within a conversation between two devices to either eavesdrop or impersonate one of the devices, making it appear to be a normal exchange of information. Thus, the intruder can perform false data injection (FDI) and false command injection (FCI) attacks that can compromise power system operations, such as state estimation, economic dispatch, and automatic generation control (AGC). Very few researchers have focused on MiTM methods that are difficult to detect within a smart grid. To address this, we are designing and implementing multi-stage MiTM intrusions in an emulation-based cyber-physical power system testbed against a large-scale synthetic grid model to demonstrate how such attacks can cause physical contingencies such as misguided operation and false measurements. MiTM intrusions create FCI, FDI, and replay attacks in this synthetic power grid. This work enables stakeholders to defend against these stealthy attacks, and we present detection mechanisms that are developed using multiple alerts from intrusion detection systems and network monitoring tools. Our contribution will enable other smart grid security researchers and industry to develop further detection mechanisms for inconspicuous MiTM attacks.This is an open access article under the terms of the Creative Commons Attribution-NonCommercial License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes.

show abstract

“…Process the dnp3P oint.chunkIndex[0] and dnp3P oint.chunkIndex [1] mod pkt = send to master(mod pkt) 22: return mod pkt 23: end function sponse stating that the breaker is opening. The intruder then modifies the true response into a binary CLOSE response and forwards it to the operator.…”

Section: F Acknowledgements Modificationmentioning

confidence: 99%

Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed

Wlazlo,

Sahu,

Mao

et al. 2021

Preprint

View full text Add to dashboard Cite

Man-in-The-Middle (MiTM) attacks present numerous threats to a smart grid. In a MiTM attack, an intruder embeds itself within a conversation between two devices to either eavesdrop or impersonate one of the devices, making it appear to be a normal exchange of information. Thus, the intruder can perform false data injection (FDI) and false command injection (FCI) attacks that can compromise power system operations, such as state estimation, economic dispatch, and automatic generation control (AGC). Very few researchers have focused on MiTM methods that are difficult to detect within a smart grid. To address this, we are designing and implementing multi-stage MiTM intrusions in an emulation-based cyber-physical power system testbed against a large-scale synthetic grid model to demonstrate how such attacks can cause physical contingencies such as misguided operation and false measurements. MiTM intrusions create FCI, FDI, and replay attacks in this synthetic power grid. This work enables stakeholders to defend against these stealthy attacks, and we present detection mechanisms that are developed using multiple alerts from intrusion detection systems and network monitoring tools. Our contribution will enable other smart grid security researchers and industry to develop further detection mechanisms for inconspicuous MiTM attacks.

show abstract

“…The work in [18] and [19] focuses on developing real-time solutions for detecting and defending against denial-of-service (DoS) attacks. In [18], a dynamic differential system is used that models the changing states of a metering infrastructure during DoS attacks and in [19] an online storage facility is proposed for access to faster and scalable data analysis.In [20,21,22] solutions are proposed to protect against negative impacts on power grid state estimation due to delays in the transmission of state measurements and control signals.The work in [23] demonstrates that the lack of strong integrity and authentication checks in a power grid's network communication protocols can allow hackers easy access to the system and may cause detrimental effects to performance.…”

Section: Nomenclaturementioning

confidence: 99%

Cross-Layered Distributed Data-driven Framework For Enhanced Smart Grid Cyber-Physical Security

Starke¹,

Nagaraj²,

Ruben³

et al. 2021

Preprint

0

View full text Add to dashboard Cite

Smart Grid (SG) research and development has drawn much attention from academia, industry and government due to the great impact it will have on society, economics and the environment. Securing the SG is a considerably significant challenge due the increased dependency on communication networks to assist in physical process control, exposing them to various cyber-threats. In addition to attacks that change measurement values using False Data Injection (FDI) techniques, attacks on the communication network may disrupt the power system's real-time operation by intercepting messages, or by flooding the communication channels with unnecessary data. Addressing these attacks requires a cross-layer approach. In this paper a cross-layered strategy is presented, called Cross-Layer Ensemble CorrDet with Adaptive Statistics(CECD-AS), which integrates the detection of faulty SG measurement data as well as inconsistent network inter-arrival times and transmission delays for more reliable and accurate anomaly detection and attack interpretation. Numerical results show that CECD-AS can detect multiple False Data Injections, Denial of Service (DoS) and Man In The Middle (MITM) attacks with a high F1-score compared to current approaches that only use SG measurement data for detection such as the traditional physics-based State Estimation, Ensemble CorrDet with Adaptive Statistics strategy and other machine learning classification-based detection schemes.

show abstract

Simulation of Man in the Middle Attack On Smart Grid Testbed

Cited by 21 publications

References 10 publications

Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed

Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed

Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed

Cross-Layered Distributed Data-driven Framework For Enhanced Smart Grid Cyber-Physical Security

Contact Info

Product

Resources

About