Cryptography on DNP 3 protocol with a detection system

Jinyoung Lee

Back

Cryptography on DNP 3 protocol with a detection system

Thesis

Open access

Cryptography on DNP 3 protocol with a detection system

Jinyoung Lee

Washington State University

Master of Science (MS), Washington State University

2018

Handle:

https://hdl.handle.net/2376/102114

Files and links (1)

pdf

J_Lee_0516181.63 MBDownload View

Open Access

Abstract

Electric power distribution--Automation.;Electric power distribution--Security measures.;Hacking--Prevention.

As more information and communications devices are deployed in a power system, the cyber threat becomes a serious issue. Yet, there has not been a comprehensive defense strategy for cyber security of power systems. DNP 3 protocol is one of the most commonly used communication protocols in distribution systems. However, it is vulnerable to hacking intrusion. This thesis is focused on DNP 3 protocol supporting the communication between the control center Front End Processor (FEP) and switches on the field. This paper takes into account three man-in-the-middle attack scenarios, including eavesdropping, injection attack, and replay attack. An operation command from FEP to switches is encrypted with Advanced Encryption Standard (AES) encryption and hashed with Secured Hashing Algorithm (SHA-512). A key for AES and SHA-512 is updated by a key exchange operation which is encrypted with Rivest Shamir Adleman (RSA) asymmetric encryption and SHA-512 hash. An anomaly detection matrix records the intrusion attempts that are detected from the encryption and hashing algorithm. The attack similarity is calculated by the attack similarity algorithm between anomaly detection matrixes. The detection mechanism on HMI detects the intrusion on the control desktop to steal the key or access remote control of the switches. A recovery mode combines the intrusion messages from the anomaly detection matrix, calculates an attack similarity and detects the intrusion on the HMI and determines a defense strategy. Simulation scenarios implemented on the WSU testbed successfully detects various attacks, including eavesdropping, falsified data injection, and remotely control of the control desktop, and prevents further invasions by rebooting the HMI and renewing the keys for the encryption and hashing algorithm.

Metrics

10 File views/ downloads

53 Record Views

Details

Title: Cryptography on DNP 3 protocol with a detection system
Creators: Jinyoung Lee
Contributors: Chen-Ching Liu (Degree Supervisor)
Awarding Institution: Washington State University
Academic Unit: Electrical Engineering and Computer Science, School of
Theses and Dissertations: Master of Science (MS), Washington State University
Publisher: Washington State University; [Pullman, Washington] :
Identifiers: 99900525293101842
Language: English
Resource Type: Thesis