Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - MPTCP-H
T2 - A DDoS attack resilient transport protocol to secure wide area measurement systems
AU - Demir, K.
AU - Nayyer, F.
AU - Suri, Neeraj
PY - 2019/6/1
Y1 - 2019/6/1
N2 - The penetration of distributed generators into the power distribution grid requires real-time control of the grid by monitoring the state of the power distribution grid. Such large-scale monitoring cannot be performed using traditional Supervisory Control and Data Acquisition (SCADA) systems due to their lack of scalability. To address this issue, contemporary Wide Area Measurement Systems (WAMS) are deployed, which provide dynamic snapshots of the power system. However, the more open structure of WAMS compared with SCADA poses a risk of WAMS being vulnerable to cyberattacks. In particular, due to the high responsiveness and availability requirements of WAMS applications, attacks, i.e., Denial-of-Service (DoS) and Distributed DoS (DDoS), are of primary concern for WAMS. In this paper, we focus on internal DoS/DDoS attacks launched against the WAMS devices by exploiting the vulnerabilities. To counter such attacks, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transport protocol, termed MPTCP-H. The proposed extension mitigates the internal attacks by using a novel stream hopping mechanism, which periodically renews the subflows to hide the open port numbers of the connection. By doing so, MPTCP-H significantly increases the attacker's cost for a successful attack without perturbing the WAMS data traffic. The experimental results show that the proposed MPTCP-H provides significant DoS/DDoS attack mitigation for WAMS at the expense of reasonable overheads, i.e., additional latency and messages.
KW - Availability
KW - DDoS attack
KW - Multipath TCP
KW - Security
KW - Smart Grid
KW - Denial-of-service attack
KW - Electric power system control
KW - Electric power transmission networks
KW - Geodesy
KW - Network security
KW - Real time control
KW - SCADA systems
KW - Surveying
KW - Transmission control protocol
KW - DDoS Attack
KW - Distributed generators
KW - Power distribution grids
KW - Smart grid
KW - Supervisory control and data acquisition systems (SCADA)
KW - Wide-area measurement systems (WAMS)
KW - Electric power system measurement
U2 - 10.1016/j.ijcip.2019.02.003
DO - 10.1016/j.ijcip.2019.02.003
M3 - Journal article
VL - 25
SP - 84
EP - 101
JO - International Journal of Critical Infrastructure Protection
JF - International Journal of Critical Infrastructure Protection
SN - 1874-5482
ER -