research-article

A Case Study in Power Substation Network Dynamics

Published: 13 June 2017

Abstract

The modern world is becoming increasingly dependent on computing and communication technology to function, but unfortunately the application and impact of this technology in areas such as critical infrastructure and industrial control system (ICS) networks remain to be thoroughly studied. Significant research has been conducted to address the myriad security concerns in these areas, but it is virtually all based on artificial testbeds or simulations designed on assumptions about their behavior, drawn either from knowledge of traditional IT networking or from basic principles of ICS operation. In this work, we provide the most detailed characterization of an example ICS to date in order to determine whether these common assumptions hold true. A live power distribution substation is observed over the course of two and a half years to measure its behavior and evolution over time. Then, a horizontal study is conducted that compares this behavior with three other substations from the same company. Although most predictions were found to be correct, some unexpected behavior was observed that highlights the fundamental differences between ICS and IT networks, including round trip times dominated by processing speed as opposed to network delay, several well-known TCP features being largely irrelevant, and surprisingly large jitter from devices running real-time operating systems. The impact of these observations is discussed in terms of generality to other embedded networks, network security applications, and the suitability of the TCP protocol for this environment.


Published in

Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 1, Issue 1
June 2017
712 pages
EISSN: 2476-1249
DOI: 10.1145/3107080

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
