Poisoned GOOSE : exploiting the GOOSE protocol

Autoria(s): Kush, Nishchal; Branagan, Mark; Foo, Ernest; Ahmed, Ejaz
Contribuinte(s)

Parampali, Udaya

Welch, Ian
Data(s)

01/01/2014
Resumo

This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attacks sends GOOSE frames containing higher status numbers to the receiving intelligent electronic device (IED). This prevents legitimate GOOSE frames from being processed and effectively causes a hijacking of the communication channel, which can be used to implement a denial–of–service (DoS) or manipulate the subscriber (unless a status number roll-over occurs). The authors refer to this attack as a poisoning of the subscriber. A number of GOOSE poisoning attacks are evaluated experimentally on a test bed and demonstrated to be successful.
Formato

application/pdf
Identificador

http://eprints.qut.edu.au/66227/
Publicador

Australian Computer Society, Inc.
Relação

http://eprints.qut.edu.au/66227/1/paper.pdf

http://crpit.com/Vol149.html

Kush, Nishchal, Branagan, Mark, Foo, Ernest, & Ahmed, Ejaz (2014) Poisoned GOOSE : exploiting the GOOSE protocol. In Parampali, Udaya & Welch, Ian (Eds.) Proceedings of the Twelfth Australasian Information Security Conference (AISC 2014) [Conferences in Research and Practice in Information Technology, Volume 149], Australian Computer Society, Inc., Auckland University of Technology, Auckland, pp. 17-22.
Direitos

Copyright 2014, Australian Computer Society, Inc.

This paper appeared at the Australasian Information Security Conference (ACSW-AISC 2014), Auckland, New Zealand, January 2014. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 149, Udaya Parampalli and Ian Welch, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.
Fonte

School of Electrical Engineering & Computer Science; Institute for Future Environments; Science & Engineering Faculty
Palavras-Chave #089999 Information and Computing Sciences not elsewhere classified #substations #GOOSE protocol #critical infrastructure security
Tipo

Conference Paper
Acesso ao item digital