SEEDS Industry Engagement Event

Transcription

1 SEEDS Industry Engagement Event Professor Mohammed, FIU, Sequence Hopping Algorithm to Secure IEC GOOSE Messages Sequence Hopping Algorithm to Secure IEC GOOSE Messages Professor Osama Mohammed Energy Systems Research Laboratory Florida International University October 16/17, 2017

2 Goal Goal: Securing IEC Layer 2 GOOSE messages. Developing a tool to securely exchange the highly vulnerable IEC GOOSE messages between IEDs. Authenticating messages by the addition of a sequence hopping data field on exchanged messages A message sequence synchronization and monitoring server (MSSMS) will be responsible for synchronizing all sequence hopping fields in all IEDs. Could be a separate server or a service running on one of the IED s

3 IEC at a glance IEC Developed by the International Electro technical Commission (IEC) Technical Committee Number 57 Working Group 10 and IEEE for Ethernet (IEEE 802.3) based communication in electrical substations. Manufacturing Message Service (MMS): Monitoring and high level control (configuration files ) Ethernet Substation Bus IED IED IED Generic Object Oriented Substation Event (GOOSE): Event driven commands Ethernet Process Bus Sampled Measured Values (SMV): Measurements (actual CT&VT level measurements) Field Level Devices CT MU VT CT MU VT Merging units

4 IEC at a glance IEC Developed to: Define a standard data model to allow interoperability between multi vendor devices in a substation. Reduce copper wiring in a substation by digitizing and communicate measurement and control messages, in a bi directional manner, over the process bus as SMV and GOOSE messages, respectively. IEC being expanded to include DER integration (microgrids).

5 Generic Object Oriented Substation Event (GOOSE) Messages: GOOSE messages are used for critical events in substations and microgrids control. Used mainly to control opening/closing status of circuit breakers. Sent and broadcast Layer 2 messages of the OSI data model. Device MAC address Application ID: unique identifier for every message Status Number increments with every new event Sequence Number increments with every retransmission Destination MAC Address Source MAC Address Priority Tagging/VLAN ID Ethertype (88B8) Reserved 1 Reserved 2 APPID Length Tag Length goosepdu Tag Length gocbref Tag Length timeallowedtolive Tag Length datset Tag Length goid Tag Length t Tag Length stnum Tag Length sqnum Tag Length test Tag Length confrev Tag Length ndscom Tag Length numdatsetentries Tag Length alldata Tag Length Data 1 (Boolean) Tag Length Data 2 (Float) Tag Length Data N

6 GOOSE Messages Transmission Mechanism StNum=1,Seqnum=1, StNum=1,Seqnum=0, StNum=2,Seqnum=0, time stamp, Data(1) Data(2) Subscriber IED StNum=1,Seqnum=1, StNum=1,Seqnum=0, StNum=2,Seqnum=0, time stamp, Data(1) Data(2) Publisher IED network StNum=1,Seqnum=1, StNum=1,Seqnum=0, StNum=2,Seqnum=0, time stamp, Data(1) Data(2) Subscriber IED Event (2) (1) StNum=1,Seqnum=1, StNum=1,Seqnum=0, StNum=2,Seqnum=0, time stamp, Data(1) Data(2) Subscriber IED

7 Security threats The original IEC standard doesn't define any security measures. To address the security issue in IEC and other automation protocols such as DNP3, IEC TC 57 WG 10 issued IEC security standard. for applications using GOOSE and IEC (SMV) and requiring 4 ms response times, multicast configurations and low CPU overhead, encryption is not recommended. Lack of Encryption Message Understanding and Modification

8 Attack Scenario: GOOSE Manipulation on Commercial IEDS Commercial IEDs at FIU Testbed Remote Grid IED IED Main Bus Bar Physical Device Bay Controller XCBR1 Logical Node MU IED IED IED Inverter Based DER MU Synchronous Generator Local Load MU DC/DC DC/DC Converter DC Load Converter Battery Source PV Panel MU

9 Attack Scenario: GOOSE Manipulation on Commercial IEDS Publishing IED Subscribing IED1 Automated script using Python in conjunction with packet crafting libraries from Scapy. 1 Sniff network packets. 3 1 Altered Sniffing Data 3 Monitor network for GOOSE messages Subscribing IED2 Subscribing IEDN 2 3 Decode message, and alter designated fields. Publish fake message to the network. Data Manipulation Decode Messages Alter Data Encode Messages Inject Fake Message

10 GOOSE Poisoning Attack StNum=2,Seqnum=1, StNum=1,Seqnum=1, time time stamp, Data(Fake) Data(1) Subscriber IED StNum=1,Seqnum=1, time stamp, Data(1) Publisher IED network StNum=2,Seqnum=1, StNum=1,Seqnum=1, time time stamp, stamp, Data(Fake) Data(1) Subscriber IED Event (1) sniffing Alter the Data fields StNum=2,Seqnum=1, StNum=1,Seqnum=1, time stamp, Data(Fake) Data(1) Attacker StNum=2,Seqnum=1, StNum=1,Seqnum=1, time time stamp, Data(Fake) Data(1) Subscriber IED

11 Attack on Commercial IED Aside from targeting critical infrastructure, the gravity of these attacks is emphasized by their ability to remain undetectable by conventional network Intrusion Detection Systems (IDSs). The modified control fields are re encoded in the proper packet format before being transmitted. GOOSE Manipulation Example

12 Encryption and Authentication Challenges IEC standard requires TLS and message encryption for MMS messages. IEC recommends not to use any encryption on GOOSE messages due to time restriction <4msec. IEC recommends the use of RSA for message Authentication. RSA: Encryption algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. Latest available hardware fails to sign the GOOSE without violating the time restriction

13 Encryption and Authentication Challenges RSA Signing and Verification Execution Time on Several Processors RSA: Encryption algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. D Berbecaru, On Measuring SSL-based Secure Data Transfer with Handheld Devices, Politecnico di Torino, Dip. di Automatica e Informatica

14 Approach Sequence Hopping Algorithm for Securing GOOSE Messages New filed will be added to the message HseqNum. The HseqNum will be a random value generated by pseudo random number generator. New HseqNum will be generated by the every event. Each subscriber will generate random sequence synchronized with the publisher subscriber will accept only the message with matching HseqNum. Any message with repeated or unmatched HseqNum will be rejected. The attacker will not be able to send any message without knowing the correct HseqNum. Any manipulated message will be rejected since it will have repeated HseqNum.

15 Approach Sequence Hopping Algorithm for Securing GOOSE Messages Message sequence synchronization and monitoring server (MSSMS) will be responsible about sync all pseudo random number generators. The MSSMS will use encrypted connection for synchronization and exchanging initial seeds. The MSSMS will monitor all GOOSE broadcasted message for attack detection

16 Testing Sequence Hopping Algorithm for Securing GOOSE Messages Experimental Validation: Setup 1 MSSMS Synchronize Subscriber the random Attach receives HSeqNum number GOOSE generators field message to the and seed GOOSE at publisher message verifies the and before subscriber publishing HSeqNumside it filed

17 Testing Sequence Hopping Algorithm for Securing GOOSE Messages Experimental Validation: Setup 1

18 Testing Sequence Hopping Algorithm for Securing GOOSE Messages Experimental Validation: Setup 1 Embedded sequence hopping security solution test setup End-to-end delay time for the embedded sequence hopping implementation

19 Testing Sequence Hopping Algorithm for Securing GOOSE Messages Experimental Validation: Setup 2 MSSMS GOOSE Publisher IED with proprietary firmware In case the firmware of the device is proprietary and cannot be modified, the sequence hopping algorithm can be implemented on Bump in the wire devices GOOSE Subscriber IED with proprietary firmware

20 Testing Sequence Hopping Algorithm for Securing GOOSE Messages Experimental Validation: Setup 2 Bump in the wire sequence hopping security mechanism implementation setup. Bump in the wire solution end-to-end delay.

21 Industry Relevance Securing the most widely accepted and industry approved IEC GOOSE messaging through an intuitive computationally inexpensive message authentication mechanism. Enhance resiliency of substation automation systems to data manipulation (man-in-the-middle) attacks. Message authentication through sequence hopping could be applied as firmware update on commercial IEDs already present in field devices. Implemented as a bump-in-the-wire device attached to legacy protection devices. Therefore, there is no need of replacing devices that do not support the required functionalities. Developed algorithm could be hardcoded into newly developed IEDs

22 Conclusion & Discussion The algorithm needs minimal computation resources (will not conflict with 4 ms time restriction). The SSL encryption will be utilized in initial synchronization only instead of repeated signature generation for every message. The algorithm benefits from the Layer two broadcasting message since the attacker can t block the broadcast message and the only way to manipulate the data is resending the message. Since any pseudo random pattern can be detected if the attacker sniffs enough samples of the sequence number the synchronization server will change seeds before generating enough numbers for correlation.