Peekaboo: A gray hole attack on encrypted SCADA communication using traffic analysis
2014 (English). In: 5th IEEE International Conference on Smart Grid Communications 2014 (SmartGridComm 2014) in Venice, Italy, IEEE, 2014, 902-907 p. Conference paper (Refereed)
We consider a potential gray hole attack against SCADA substation to control center communications using DNP3. We propose a support vector machine-based traffic analysis algorithm that relies on message direction and timing information only, and we use trace-based simulations to show that even if SCADA traffic is sent through an encrypted tunnel, as often done in practice, the gray hole attack can be effectively performed based on the timing and direction of three consecutive messages. Our results show that the attacker does not need accurate system information to be successful, and could affect monitoring accuracy by up to 20%. We discuss possible mitigation schemes at different layers of the communication protocol stack, and show that a minor modification of message timing could help mitigate the attack.
Place, publisher, year, edition, pages
IEEE, 2014. 902-907 p.
Different layers, Encrypted tunnels, Mitigation schemes, Monitoring accuracy, System information, Timing information, Trace-based simulation, Traffic analysis
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject Electrical Engineering
Identifiers
URN: urn:nbn:se:kth:diva-152221
DOI: 10.1109/SmartGridComm.2014.7007763
ScopusID: 2-s2.0-84922423976
ISBN: 9781479949342
OAI: oai:DiVA.org:kth-152221
DiVA: diva2:749272
2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014; Venice; Italy; 3 November 2014 through 6 November 2014
Projects: EIT ICTLabs activity SES 14306
QC 20140924; 2014-09-23; 2014-09-23; 2015-05-27; Bibliographically approved