De-Synchronisation Attack Modelling in Real-Time Protocols Using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol

  • James G. WrightEmail author
  • Stephen D. Wolthusen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10707)


Applications developed for Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS of the standard. This paper proposes a framework for studying a protocol’s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches.

The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline, to allow for the analysis of probabilistic packet flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis, and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.


Queue networks ISO/IEC 61850 Quality of service Protocol analysis De-synchronisation attack 



This work is supported by an EPSRC Academic Centres of Excellence in Cyber Security Research PhD grant. The authors would like to thank Joshua Robinson and Ela Kasprsky for their help in understanding some of the mathematical concepts used in this paper.


  1. 1.
    Ansilla, J.D., Vasudevan, N., JayachandraBensam, J., Anunciya, J.D.: Data security in smart grid with hardware implementation against DoS attacks. In: International Conference on Circuit Power and Computing Technologies, ICCPCT 2015, pp. 1–7 (2015)Google Scholar
  2. 2.
    Cherepanov, A.: WIN32/INDUSTROYER: A New Threat for Industrial Control Systems. Technical report, ESET, 12 June 2017Google Scholar
  3. 3.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Gaderer, G., Treytl, A., Sauter, T.: Security aspects for IEEE 1588 based clock synchronization protocols. In: IEEE International Workshop on Factory Communication Systems, WFCS 2006, Torino, Italy, pp. 247–250. Citeseer (2006)Google Scholar
  5. 5.
    Gross, D., Shortle, J.F., Thompson, J.M., Harris, C.M.: Fundamentals of Queueing Theory, 4th edn. Wiley-Interscience, New York (2008)CrossRefGoogle Scholar
  6. 6.
    Hurst, W., Shone, N., Monnet, Q.: Predicting the effects of DDoS attacks on a network of critical infrastructures. In: IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, 2015, pp. 1697–1702, October 2015Google Scholar
  7. 7.
    Itkin, E., Wool, A.: A security analysis and revised security extension for the precision time protocol. In: IEEE International Symphosium on Precision Clock Synchronization for Measurement, Control, and Communication, ISPCS 2016, pp. 1–6 (2016)Google Scholar
  8. 8.
    Kammas, P., Komninos, T., Stamatiou, Y.C.: A queuing theory based model for studying intrusion evolution and elimination in computer networks. In: The Fourth International Conference on Information Assurance and Security, pp. 167–171, September 2008Google Scholar
  9. 9.
    Li, Q., Ross, C., Yang, J., Di, J., Balda, J.C., Mantooth, H.A.: The effects of flooding attacks on time-critical communications in the smart grid. In: 2015 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp. 1–5, February 2015Google Scholar
  10. 10.
    Liu, S., Liu, X.P., Saddik, A.E.: Denial-of-Service (dos) attacks on load frequency control in smart grids. In: IEEE PES Innovative Smart Grid Technologies Conference ISGT 2013, pp. 1–6 (2013)Google Scholar
  11. 11.
    Malhotra, A., Goldberg, S.: Attacking NTP’s authenticated broadcast mode. SIGCOMM Comput. Commun. Rev. 46(2), 12–17 (2016)CrossRefGoogle Scholar
  12. 12.
    TC 57 Power Systems Management and Associated Information Exchange. Communication Networks and Systems for Power Utility Automation - Part 7–2: Basic Information and Communication Structure - Abstract Communication Service Interface. IEC standard 61850-7-2. Technical report, International Electrotechnical Commission (2010)Google Scholar
  13. 13.
    Mitchell, D.L., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: Undecidability of bounded security protocols. In: Workshop on Formal Methods and Security Protocols (1999)Google Scholar
  14. 14.
    Mizrahi, T.: A game theoretic analysis of delay attacks against time synchronization protocols. In: 2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication, pp. 1–6, September 2012Google Scholar
  15. 15.
    Moussa, B., Debbabi, M., Assi, C.: A detection and mitigation model for PTP delay attack in a smart grid substation. In: IEEE International Conference on Smart Grid Communications, SmartGridComm 2015, pp. 497–502, November 2015Google Scholar
  16. 16.
    Osorio, C., Bierlaire, M.: An analytic finite capacity queueing network model capturing the propagation of congestion and blocking. Eur. J. Oper. Res. 196(3), 996–1007 (2009)CrossRefGoogle Scholar
  17. 17.
    Patel, R., Borisaniya, B., Patel, A., Patel, D., Rajarajan, M., Zisman, A.: Comparative analysis of formal model checking tools for security protocol verification. In: Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D. (eds.) CNSA 2010. CCIS, vol. 89, pp. 152–163. Springer, Heidelberg (2010). Scholar
  18. 18.
    Srikantha, P., Kundur, D.: Denial of service attacks and mitigation for stability in cyber-enabled power grid. In: 2015 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp. 1–5, February 2015Google Scholar
  19. 19.
    TC 57 Power systems management and associated information exchange. Communication networks and systems for power utility automation - Part 5: Communication requirements for functions and device models. IEC standard 61850–5. Technical report, International Electrotechnical Commission (2013)Google Scholar
  20. 20.
    Tsang, J., Beznosov, K.: A security analysis of the precise time protocol (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 50–59. Springer, Heidelberg (2006). Scholar
  21. 21.
    Ullmann, M., Vgeler, M.: Delay attacks - implication on NTP and PTP time synchronization. In: 2009 International Symposium on Precision Clock Synchronization for Measurement, Control and Communication, pp. 1–6, October 2009Google Scholar
  22. 22.
    Wan, X.Y., Li, Z., Fan, Z.F.: A SIP DoS flooding attack defense mechanism based on priority class queue. In: 2010 IEEE International Conference on Wireless Communications, Networking and Information Security, pp. 428–431, June 2010Google Scholar
  23. 23.
    Wang, Y., Lin, C., Li, Q., Fang, Y.: A queueing analysis for the denial of service (DoS) attacks in computer networks. Comput. Netw. 51(12), 3564–3573 (2007)CrossRefGoogle Scholar
  24. 24.
    Wei, J., Kundur, D.: A flocking-based model for DoS-resilient communication routing in smart grid. IEEE Global Communications Conference, GLOBECOM 2012, pp. 3519–3524, December 2012Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Mathematics and Information Security, Royal HollowayUniversity of LondonEghamUK
  2. 2.Norwegian Information Security LaboratoryNorwegian University of Science and TechnologyTrondheimNorway

Personalised recommendations