PI: Qinghua Li, University of Arkansas
Many communication messages in electric substations of the power grid need to be delivered in a very short time (e.g., 3ms according to IEC 61850). However, the delivery delay of such messages is sensitive to flooding attacks that will increase the delay. In addition, IEC 62351 specifies that these messages should be signed with digital signatures to provide authentication. The processing of signature generation and verification further increases the delay of message delivery and makes time-critical messages more sensitive to flooding attacks.
In this project, we first experimentally study how flooding attacks affect the delivery delay of authenticated time-critical messages in wireless and wired networks, considering both connectionless communications and connection-oriented communications. Experimental results show that simple (i.e., periodic) flooding attacks can easily increase the delay of time-critical communications in wireless networks (WiFi) but not in wired networks (switched Ethernet). Then we identify a practical intelligent flooding attack where even a small number of flooding packets can significantly increase the delivery delay of time-critical messages in a wired network. Finally, we develop a defense tool to detect the intelligent attack and evaluate its effectiveness.