DOI: 10.1145/3098954.3103164
research-article

Towards DDoS Attack Resilient Wide Area Monitoring Systems

Published: 29 August 2017

Abstract

The traditional physical power grid is evolving into a cyber-physical Smart Grid (SG) that links the cyber communication and computational elements with the physical control functions to dynamically integrate varied and geographically distributed energy producers/consumers. In the SG, the cyber elements of Wide Area Measurement Systems (WAMS) are deployed to provide the critical monitoring of the state of power transmission and distribution to accomplish real-time control of the grid. Unfortunately, the increasing adoption of the computing/communication cyber-technologies essential to SG operations also exposes the SG to cyberattacks. In particular, attacks such as Denial-of-Service (DoS) and Distributed DoS (DDoS) are of primary concern for WAMS, where such attacks can compromise its safety-critical accuracy and responsiveness characteristics.
To prevent DoS/DDoS attacks at the transport and application layers from affecting WAMS operations, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transport protocol that mitigates such attacks by using a novel stream-hopping MPTCP mechanism, termed MPTCP-H. The proposed MPTCP-H hides the open port numbers of the connection from an attacker by renewing (over time) the subflows over new port numbers without perturbing the WAMS data traffic. Our results demonstrate MPTCP-H to be both effective and efficient (for reduced latency and congestion), and also applicable to the communication frameworks of other similar Critical Infrastructures.
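
A toy model of the stream-hopping idea in the abstract, added here as an illustration and not taken from the paper or from any MPTCP-H implementation: it counts how many subflows can still carry measurement data per tick once an attacker learns and floods every open port, for a static connection and for one whose subflows are renewed onto fresh ports. The port range, hop lifetime, staggered schedule, no-reuse rule and the single port-leak event are all assumptions.

```python
import random

EPHEMERAL = range(49152, 65536)   # assumption: hop within the IANA dynamic port range

def simulate(n_subflows, lifetime, leak_tick, ticks, seed=1):
    """Return, per tick, the number of subflows still usable under a port flood.

    lifetime=None models a static connection whose ports never change.
    """
    rng = random.Random(seed)
    used = set()                  # assumption: a port is never reused by this connection

    def fresh_port():
        while True:
            port = rng.choice(EPHEMERAL)
            if port not in used:
                used.add(port)
                return port

    # port -> expiry tick; expiries are staggered so subflows hop one at a time
    step = (lifetime or 0) / n_subflows
    subflows = {fresh_port(): (i + 1) * step if lifetime else float("inf")
                for i in range(n_subflows)}
    flooded, usable = set(), []

    for t in range(ticks):
        for port, expiry in list(subflows.items()):
            if t >= expiry:
                subflows[fresh_port()] = t + lifetime  # open the replacement first
                del subflows[port]                     # then retire the old subflow
        if t == leak_tick:
            flooded = set(subflows)   # attacker learns every port open at this tick
        # a subflow on a flooded port is modelled as carrying no data
        usable.append(len(set(subflows) - flooded))
    return usable

if __name__ == "__main__":
    static = simulate(4, None, leak_tick=10, ticks=40)
    hopping = simulate(4, 8, leak_tick=10, ticks=40)
    print("static  outage ticks:", static.count(0))
    print("hopping outage ticks:", hopping.count(0))
    print("hopping usable subflows per tick:", hopping)
```

In this model the outage for the hopping connection is bounded by the gap between two consecutive hops, and full capacity returns once every subflow that was open at the leak has been renewed.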


    Published In

    ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
    August 2017
    853 pages
    ISBN:9781450352574
    DOI:10.1145/3098954

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. DDoS Attacks
    2. Security
    3. Wide Area Monitoring Systems

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ARES '17
    ARES '17: International Conference on Availability, Reliability and Security
    August 29 - September 1, 2017
    Reggio Calabria, Italy

    Acceptance Rates

    ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;
    Overall Acceptance Rate 228 of 451 submissions, 51%

    Cited By

    • (2024) Application layer security for Internet communications. Computers and Electrical Engineering, 119:PA. DOI: 10.1016/j.compeleceng.2024.109498. Online publication date: 1-Oct-2024
    • (2022) Classifying resilience approaches for protecting smart grids against cyber threats. International Journal of Information Security, 21:5 (1189-1210). DOI: 10.1007/s10207-022-00594-7. Online publication date: 1-Oct-2022
    • (2020) A Survey of Denial-of-Service Attacks and Solutions in the Smart Grid. IEEE Access, 8 (177447-177470). DOI: 10.1109/ACCESS.2020.3026923. Online publication date: 2020
    • (2019) Anomaly Detection Sensors for a Modbus-Based Oil and Gas Well-Monitoring System. 2019 2nd International Conference on Data Intelligence and Security (ICDIS) (1-8). DOI: 10.1109/ICDIS.2019.00008. Online publication date: Jun-2019
    • (2019) MPTCP-H: A DDoS Attack Resilient Transport Protocol to Secure Wide Area Measurement Systems. International Journal of Critical Infrastructure Protection. DOI: 10.1016/j.ijcip.2019.02.003. Online publication date: Feb-2019
    • (2018) Securing the Cloud-Assisted Smart Grid. International Journal of Critical Infrastructure Protection. DOI: 10.1016/j.ijcip.2018.08.004. Online publication date: Aug-2018
