
    Modified Timed Efficient Stream Loss-tolerant Authentication to Secure Power Line Communication

    This paper investigates the feasibility of Timed Efficient Stream Loss-tolerant Authentication (TESLA) to serve the security needs of Power Line Communication (PLC) systems. The PLC network has been identified as the ideal choice to function as the last-mile network and to deliver load management messages to smart meters. However, the security concerns for load management messages delivered over power line communications need to be addressed. The ubiquitous nature of the power line communication infrastructure exposes load management systems (LMS) deployed over it to security risk. Ordinarily, a PLC network does not employ any security measures on which the smart meters and data concentrators can depend. Therefore, there is a need to provide a secure mechanism for communicating load management system messages over a PLC network. In an LMS, source authentication is of highest priority because we need to respond only to messages from an authenticated source. This is achieved by investigating suitable robust authentication protocols. In this paper we present modifications to Timed Efficient Stream Loss-tolerant Authentication for secure authentication of load management messages over PLC. We demonstrate that PLC can be used to securely and effectively deliver load management messages to smart meters, with minimal overhead.

    Network attack analysis of an indoor power line communication network

    Abstract: The use of network security mechanisms within communication networks should be prioritized and considered more in a small office/home office (SOHO) network setup such as a power line communication (PLC) network. In PLC networks, network attacks such as denial of service (DoS) attacks, phishing attacks and man-in-the-middle attacks are some of the network security issues yet to be critically researched on SOHO network setups such as PLC networks. Therefore, this paper describes and analyzes the possibility of various network attacks on the network and data link layers of a PLC network setup. To achieve this, the PLC network setup is assessed for vulnerabilities, and any detected vulnerabilities are exploited using various attack techniques. Graphical charts are plotted to represent the possibility and effect of the attacks on the PLC network setup. Finally, network security solutions are provided to mitigate some of the recorded possible attacks on the PLC network setup. The observations and solutions presented in this research paper are for educational purposes and will be helpful to subsequent network security researchers and help improve security within an indoor PLC network setup.

    Real-time reconfiguration of programmable logic controller communication paths

    This thesis explores the topics related to reconfiguration of Programmable Logic Controller (PLC) communications paths as it relates to network security and reliability. These paths are normally fixed, which creates a single point of failure that can easily be disrupted by network failure or network-based attack. With the ability for autonomous communications path reconfiguration, these disruptions in communications can be avoided or bypassed. This work builds on these principles, and a series of PLC programs are developed to facilitate several things: scanning of the three different network types most common in PLC-to-PLC communications; a comprehensive network scan routine for locating multiple communications paths to available network-enabled modules and devices; add-on functions for verifying and using these found communications paths; and MS Excel macros for documenting the found modules and devices along with their communications paths from the host processor. --Abstract, page iii

    PLC Code Vulnerabilities Through SCADA Systems

    Supervisory Control and Data Acquisition (SCADA) systems are widely used in automated manufacturing and in all areas of our nation's infrastructure. Applications range from chemical processes and water treatment facilities to oil and gas production and electric power generation and distribution. Current research on SCADA system security focuses on the primary SCADA components and targets network-centric attacks. Security risks via attacks against peripheral devices such as the Programmable Logic Controllers (PLCs) have not been sufficiently addressed. Our research results address the need to develop PLC applications that are correct, safe and secure. This research provides an analysis of software safety and security threats. We develop countermeasures that are compatible with the existing PLC technologies. We study both intentional and unintentional software errors and propose methods to prevent them. The main contributions of this dissertation are: (1) develop a taxonomy of software errors and attacks in ladder logic; (2) model ladder logic vulnerabilities; (3) develop security design patterns to avoid software vulnerabilities and incorrect practices; (4) implement a proof-of-concept static analysis tool which detects the vulnerabilities in the PLC code and recommends corresponding design patterns.

    VIRTUAL PLC PLATFORM FOR SECURITY AND FORENSICS OF INDUSTRIAL CONTROL SYSTEMS

    Industrial Control Systems (ICS) are vital in managing critical infrastructures, including nuclear power plants and electric grids. With the advent of the Industrial Internet of Things (IIoT), these systems have been integrated into broader networks, enhancing efficiency but also becoming targets for cyberattacks. Central to ICS are Programmable Logic Controllers (PLCs), which bridge the physical and cyber worlds and are often exploited by attackers. There's a critical need for tools to analyze cyberattacks on PLCs, uncover vulnerabilities, and improve ICS security. Existing tools are hindered by the proprietary nature of PLC software, limiting scalability and efficiency. To overcome these challenges, I developed a Virtual PLC Platform (VPP) for forensic analyses of ICS attacks and vulnerability identification. The VPP employs the packet replay technique, using network traffic to create a PLC template. This template guides the virtual PLC in network communication, mimicking real PLCs. A Protocol Reverse Engineering Engine (PREE) module assists in reverse-engineering ICS protocols and discovering vulnerabilities. The VPP is automated, supports PLCs from various vendors, and eliminates manual reverse engineering. This dissertation highlights the architecture and applications of the VPP in forensic analysis, reverse engineering, vulnerability discovery, and threat intelligence gathering, all crucial to bolstering the security and integrity of critical infrastructure.

    Wind related faults on the GB transmission network

    The GB power network suffers from regular faults, a significant percentage of them caused by adverse or extreme weather. There are current worries surrounding climate change, and with some of the effects already being seen, such as a rise in coastal temperatures and more extreme weather, greater research into how society will be affected is required. The research discussed in this paper focuses on extreme weather and its effects on the GB transmission network. With the possibility of increased frequency and intensity of adverse or extreme weather, there is a concern that this will significantly affect the reliability of the network. The research described here has investigated the current effects of weather on the transmission system using data supplied by the three transmission companies that own and operate the GB network: Scottish Power Ltd., National Grid plc and SSE plc. It presents the current effects of weather on the transmission network, how changes in the weather present challenges in ensuring security of supply, and the beginnings of a relationship between weather types and weather-related faults.

    Physical and Link Layer in Power Line Communications Technologies

    PLC technology (Power Line Communications) refers to the transmission of data using the domestic as well as the low-voltage electrical network. Depending on the type of network used as support, it is divided into indoor and outdoor PLC. The first refers to the use of the domestic network and uses higher frequencies (5 MHz to 30 or 40 MHz). Outdoor PLC uses the distribution network and low frequencies of 1 MHz to 5 or 10 MHz. It employs the OFDM multiplexing technique (Orthogonal Frequency Division Multiplexing), which divides the frequency spectrum into narrow channels with independent carriers. At the level of the media access protocol, it generally uses those compatible with the IEEE 802 standard, with controlled access to avoid collisions. OFDM modulation achieves transmission speeds suitable for multimedia services and applications as well as for the mission-critical ones currently in use, with security conditions when facing a noisy channel such as the power network.
    II Workshop de Arquitecturas, Redes y Sistemas Operativos. Red de Universidades con Carreras en Informática (RedUNCI)

    On Ladder Logic Bombs in Industrial Control Systems

    In industrial control systems, devices such as Programmable Logic Controllers (PLCs) are commonly used to directly interact with sensors and actuators, and to perform local automatic control. PLCs run software on two different layers: a) firmware (i.e. the OS) and b) control logic (processing sensor readings to determine control actions). In this work, we discuss ladder logic bombs (LLBs), i.e. malware written in ladder logic (or one of the other IEC 61131-3-compatible languages). Such malware would be inserted by an attacker into existing control logic on a PLC, and would either persistently change the behavior or wait for specific trigger signals to activate malicious behaviour. For example, the LLB could replace legitimate sensor readings with manipulated values. We see the concept of LLBs as a generalization of attacks such as the Stuxnet attack. We introduce LLBs on an abstract level, and then demonstrate several designs based on real PLC devices in our lab. In particular, we also focus on stealthy LLBs, i.e. LLBs that are hard to detect by human operators manually validating the program running in PLCs. In addition to introducing vulnerabilities on the logic layer, we also discuss countermeasures and propose two detection techniques.
    Comment: 11 pages, 14 figures, 2 tables, 1 algorithm