Security Analysis of Wide Area Networks for Power Utilities

Wide-area smart grids require an upgrade in the communication infrastructure of power utilities. The use of IP based protocols reduces cost and increases robustness but introduces specific security vulnerabilities, the solution of which may conflict with the strict timing constraints of power-utility networks. We propose to formally verify the security properties of such networks, analyze whether they conflict with delay constraints and if necessary, propose modifications.

MPLS-TP

The MPLS Transport Profile (MPLS-TP) is one of the proposed communication technologies for smart grids. The security guidelines of the MPLS-TP standards are written in a complex and indirect way, which led us to pose as hypothesis that vendor solutions might not implement them satisfactorily. In [1], we investigate the security implementation of MPLS-TP OAM (Operations, Administration, and Maintenance) protocols such as bidirectional forwarding detection (BFD) and protection state coordination (PSC). The former is used to detect failures in label-switched paths (LSPs) while the latter is used to coordinate protection switching (fast reroute).

Topology used for BFD attacks

[1] Jayasinghe, U., Barreto, S., Popovic, M., Tesfay, T.T., and Le Boudec, J.Y., "Security Vulnerabilities of the Cisco IOS Implementation of the MPLS Transport Profile", Smart Energy Grid Security Workshop (SEGS) in conjunction with 21st ACM Conference on Computer and Communications Security, Scottsdale, USA, November 3 - 7, 2014.