Title :
Peekaboo: A gray hole attack on encrypted SCADA communication using traffic analysis
Author :
Torrisi, Nunzio Marco ; Vukovic, Ognjen ; Dan, G. ; Hagdahl, Stefan
Author_Institution :
Centre de Mat., Comput. e Cognicao, Univ. Fed. do ABC, Santo Andre, Brazil
Abstract :
We consider a potential gray hole attack against SCADA substation to control center communications using DNP3. We propose a support vector machine-based traffic analysis algorithm that relies on message direction and timing information only, and we use trace-based simulations to show that even if SCADA traffic is sent through an encrypted tunnel, as often done in practice, the gray hole attack can be effectively performed based on the timing and direction of three consecutive messages. Our results show that the attacker does not need accurate system information to be successful, and could affect monitoring accuracy by up to 20%. We discuss possible mitigation schemes at different layers of the communication protocol stack, and show that a minor modification of message timing could help mitigate the attack.
Keywords :
SCADA systems; cryptography; power engineering computing; protocols; support vector machines; DNP3; Peekaboo; SCADA communication encryption; SCADA substation; attack mitigation; communication protocol stack; control center communications; gray hole attack; message timing modification; mitigation schemes; support vector machine; trace-based simulations; traffic analysis algorithm; tunnel encryption; Barium; Cryptography; Power measurement; Protocols; Substations; Support vector machines; Voltage measurement;
Conference_Title :
Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on
Conference_Location :
Venice
DOI :
10.1109/SmartGridComm.2014.7007763