Title :
An event buffer flooding attack in DNP3 controlled SCADA systems
Author :
Jin, Dong ; Nicol, David M. ; Yan, Guanhua
Author_Institution :
Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
Abstract :
The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communications are asynchronous across the two levels; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a compromised relay sends overly many (false) events to the data aggregator. This paper investigates the attack by implementing the attack using real SCADA system hardware and software. A Discrete-Time Markov Chain (DTMC) model is developed for understanding conditions under which the attack is successful and effective. The model is validated by a Möbius simulation model and data collected on a real SCADA testbed.
Keywords :
Markov processes; SCADA systems; power system control; protocols; simulation; telecommunication security; DNP3 communications; DNP3 controlled SCADA system; DNP3 protocol; Mobius simulation model; control center; data aggregator; discrete-time Markov chain model; distributed network protocol; electrical power; event buffer flooding attack; sensor state information; supervisory control and data acquisition systems; Analytical models; Data models; Protocols; Radiation detectors; Relays; SCADA systems; Substations;
Conference_Title :
Simulation Conference (WSC), Proceedings of the 2011 Winter
Conference_Location :
Phoenix, AZ
Print_ISBN :
978-1-4577-2108-3
Electronic_ISBN :
0891-7736
DOI :
10.1109/WSC.2011.6147969