PowerDuck: A GOOSE Data Set of Cyberattacks in Substations

Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids

When and How to Aggregate Message Authentication Codes on Lossy Channels?

Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves bandwidth, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing overhead, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings

On the benefits of cooperation for dependable wireless communications

The emerging Industrial Internet-of-Things (IIoT) improves flexibility, productivity, and costs of industrial processes by connecting sensors, actuators, and controllers to each other and the Internet. On the factory floor, such interconnections increasingly rely on wireless communications, reducing deployment and maintenance costs while supporting the mobility of communication partners. The industrial domain, however, is mainly characterized by safety- and mission-critical Machine-to-Machine communication. Therefore, state-of-the-art wireless communication protocols for home and business environments, such as WLAN and Bluetooth, are not suited for the IIoT. Consequently, the IIoT requires dependable wireless communication, achieving both high reliability and low latency. A promising approach for so-called Ultra-Reliable Low-Latency Communication (URLLC) in the IIoT is cooperative diversity, since the participating stations already collaborate toward a common goal, i.e., keeping the industrial process running. A sending station exploits multiple independent transmission paths via cooperating relays to reliably convey a packet to its destination. In contrast to spatial diversity, this approach also works with single-input single-output transceivers. However, when considering relaying for URLLC, it is particularly challenging that all participants have to share the scarce transmission resources. Hence, in this dissertation, we investigate various mechanisms enabling dependable wireless communication, i. e., increasing communication reliability within a bounded low latency, mainly focusing on cooperative diversity benefits. Therefore, we explore different design options for URLLC and evaluate them, leveraging the advantages of distinct methodological approaches. We begin with mathematical analysis to assess the possible benefits of cooperative diversity for URLLC and to develop basic protocol design options. Our analysis shows promising results for cooperative diversity compared to other diversity techniques, especially when all stations are involved in the relaying. Based on these results, we implement a relaying protocol for URLLC and evaluate it in a prototypical deployment. We confirm some of our analytical findings while also revealing a substantial performance gap between analysis and real-world evaluation. Moreover, we identify remaining open issues, which mainly include the evaluation of scalability and mobility effects. Therefore, we propose code-transparent simulation to switch seamlessly from real-world deployment to simulations. Our code-transparent simulator, based on ns-3, thus simulates the same code that we used for the prototypical deployment while achieving accurate simulation results. Subsequently, we find that typical moving velocities in industrial scenarios do not negatively impact the relay selection process. Furthermore, cooperative systems support a higher number of stations than comparable systems based on other diversity techniques. In summary, this dissertation offers valuable insights into designing communication protocols with challenging requirements. Thus, at the example of cooperation, we thoroughly retrace the development process from analysis to prototypical deployment. On the one hand, the achieved results contribute to URLLC for the IIoT; on the other hand, they provide a critical examination of the selected evaluation methodologies

Wie Cybersicherheit in der Energieversorgung gelingen kann

Cyberangriffe auf die Energieversorgung können verheerende Auswirkungen haben. Doch trotz des bekannten Bedrohungsrisikos offenbart gerade der Energiesektor großen Nachholbedarf. Dabei stehen Technologien und Maßnahmen prinzipiell zur Verfügung. Ihre Einführung sollte nicht nur als Gemeinschaftsaufgabe, sondern vor allem als Chance begriffen werden