TY - JOUR

T1 - MPTCP-H

T2 - A DDoS attack resilient transport protocol to secure wide area measurement systems

AU - Demir, K.

AU - Nayyer, F.

AU - Suri, Neeraj

PY - 2019/6/1

Y1 - 2019/6/1

N2 - The penetration of distributed generators into the power distribution grid requires real-time control of the grid by monitoring the state of the power distribution grid. Such a large-scale monitoring cannot be performed by using traditional Supervisory Control and Data Acquisition (SCADA) systems due to its lack of the scalability. To address this issue, contemporary Wide Area Measurement Systems (WAMS) are deployed, which provide the dynamic snapshots of the power system. However, WAMS's more open structure versus SCADA poses a risk of WAMS being vulnerable to cyberattacks. In particular, due to high responsiveness and availability requirements of WAMS applications, attacks i.e., Denial-of-Service (DoS) and Distributed DoS (DDoS) are of primary concern for WAMS. In this paper, we focus on internal DoS/DDoS attacks launched against the WAMS devices by exploiting the vulnerabilities. To counter such attacks, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transportation protocol, termed as MPTCP-H. The proposed extension mitigates the internal attacks by using a novel stream hopping mechanism, which periodically renews the subflows to hide the open port numbers of the connection. By doing so, MPTCP-H significantly increases the attacker's cost for a successful attack without perturbing the WAMS data traffic. The experimental results show that the proposed MPTCP-H provides a significant DoS/DDoS attack mitigation for WAMS at the expense of reasonable overheads, i.e., additional latency and message.

AB - The penetration of distributed generators into the power distribution grid requires real-time control of the grid by monitoring the state of the power distribution grid. Such a large-scale monitoring cannot be performed by using traditional Supervisory Control and Data Acquisition (SCADA) systems due to its lack of the scalability. To address this issue, contemporary Wide Area Measurement Systems (WAMS) are deployed, which provide the dynamic snapshots of the power system. However, WAMS's more open structure versus SCADA poses a risk of WAMS being vulnerable to cyberattacks. In particular, due to high responsiveness and availability requirements of WAMS applications, attacks i.e., Denial-of-Service (DoS) and Distributed DoS (DDoS) are of primary concern for WAMS. In this paper, we focus on internal DoS/DDoS attacks launched against the WAMS devices by exploiting the vulnerabilities. To counter such attacks, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transportation protocol, termed as MPTCP-H. The proposed extension mitigates the internal attacks by using a novel stream hopping mechanism, which periodically renews the subflows to hide the open port numbers of the connection. By doing so, MPTCP-H significantly increases the attacker's cost for a successful attack without perturbing the WAMS data traffic. The experimental results show that the proposed MPTCP-H provides a significant DoS/DDoS attack mitigation for WAMS at the expense of reasonable overheads, i.e., additional latency and message.

KW - Availability

KW - DDoS attack

KW - Multipath TCP

KW - Security

KW - Smart Grid

KW - Denial-of-service attack

KW - Electric power system control

KW - Electric power transmission networks

KW - Geodesy

KW - Network security

KW - Real time control

KW - SCADA systems

KW - Surveying

KW - Transmission control protocol

KW - DDoS Attack

KW - Distributed generators

KW - Power distribution grids

KW - Smart grid

KW - Supervisory control and dataacquisition systems (SCADA)

KW - Wide- area measurement systems (WAMS)

KW - Electric power system measurement

U2 - 10.1016/j.ijcip.2019.02.003

DO - 10.1016/j.ijcip.2019.02.003

M3 - Journal article

VL - 25

SP - 84

EP - 101

JO - International Journal of Critical Infrastructure Protection

JF - International Journal of Critical Infrastructure Protection

SN - 1874-5482

ER -