Information Security Analysis and Auditing of IEC61850 Automated Substations

This thesis is about issues related to the security of electric substations automated by IEC61850, an Ethernet (IEEE 802.3) based protocol. It is about a comprehen­ sive security analysis and development of a viable method of auditing the security of this protocol. The security analysis focuses on the possible threats to an electric substation based on the possible motives of an attacker. Existing methods and met­ rics for assessing the security of computer networks are explored and examined for suitability of use with IEC61850. Existing methods and metrics focus on conven­ tional computers used in computer networks which are fundamentally different from Intelligent Electronic Devices (IED’s) of substations in terms of technical composition and functionality. Hence, there is a need to develop a new method of assessing the security of such devices. The security analysis is then used to derive a new metric scheme to assess the security of IED’s that use IEC61850. This metric scheme is then tested out in a sample audit on a real IEC61850 network and compared with two other commonly used security metrics. The results show that the new metric is good in assessing the security of IED’s themselves. Further analysis on IED security is done by conducting simulated cyber attacks. The results are then used to develop an Intrusion Detection System (IDS) to guard against such attacks. The temporal risk of intrusion on an electric substation is also evaluated

IoT Device Fingerprint using Deep Learning

Device Fingerprinting (DFP) is the identification of a device without using its network or other assigned identities including IP address, Medium Access Control (MAC) address, or International Mobile Equipment Identity (IMEI) number. DFP identifies a device using information from the packets which the device uses to communicate over the network. Packets are received at a router and processed to extract the information. In this paper, we worked on the DFP using Inter Arrival Time (IAT). IAT is the time interval between the two consecutive packets received. This has been observed that the IAT is unique for a device because of different hardware and the software used for the device. The existing work on the DFP uses the statistical techniques to analyze the IAT and to further generate the information using which a device can be identified uniquely. This work presents a novel idea of DFP by plotting graphs of IAT for packets with each graph plotting 100 IATs and subsequently processing the resulting graphs for the identification of the device. This approach improves the efficiency to identify a device DFP due to achieved benchmark of the deep learning libraries in the image processing. We configured Raspberry Pi to work as a router and installed our packet sniffer application on the Raspberry Pi . The packet sniffer application captured the packet information from the connected devices in a log file. We connected two Apple devices iPad4 and iPhone 7 Plus to the router and created IAT graphs for these two devices. We used Convolution Neural Network (CNN) to identify the devices and observed the accuracy of 86.7%

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network