Covert channel communication through physical interdependencies in cyber-physical infrastructures

Luis Garcia, Henry Senyondo, Stephen McLaughlin, Saman Zonouz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Increasing efforts are being made in securing the communication infrastructure used in electric power systems. On the surface, this should greatly reduce the chances of successfully executing the type of coordinated and distributed cyber attacks necessary to cause large-scale failures. However, existing communications security schemes in power control systems only consider explicit communications. In this paper, we show that there is a rich set of covert communication channels available to attackers for use in coordinating large-scale attacks against power grids. Specifically, we present PhyCo, a novel covert channel that leverages physical substrates, e.g., line loads, within a power system, to transmit information between compromised device controllers. Using PhyCo, two compromised controllers that are miles apart can coordinate their efforts by manipulating relays to modify the power network's topology. This can be done without requiring the use of any explicit communication channels, e.g., power line communications, and can evade intrusion detection sensors aimed at overt traffic. We have evaluated PhyCo using real-world programmable logic controllers on a realistic simulated power grid. Our results show that PhyCo can bypass existing intrusion detection sensors as well as physical inspections by carefully crafting covert communications to have minimal exterior consequences within normal operating thresholds.

Original language: English
Title of host publication: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 952-957
Number of pages: 6
ISBN (Print): 9781479949342
DOIs: https://doi.org/10.1109/SmartGridComm.2014.7007771
State: Published - Jan 12 2015
Event: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 - Venice, Italy
Duration: Nov 3 2014 to Nov 6 2014

Other

Other: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Country: Italy
City: Venice
Period: 11/3/14 to 11/6/14

Fingerprint

communications
infrastructure
communication
Communication
Intrusion detection
Controllers
Sensors
Programmable logic controllers
Electric power systems
Power control
control system
Inspection
Topology
traffic
Control systems
cause
Substrates

ASJC Scopus subject areas

  • Communication
  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Garcia, L., Senyondo, H., McLaughlin, S., & Zonouz, S. (2015). Covert channel communication through physical interdependencies in cyber-physical infrastructures. In 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 (pp. 952-957). [7007771] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SmartGridComm.2014.7007771
