TY - GEN
T1 - Covert channel communication through physical interdependencies in cyber-physical infrastructures
AU - Garcia, Luis
AU - Senyondo, Henry
AU - McLaughlin, Stephen
AU - Zonouz, Saman
PY - 2015/1/12
Y1 - 2015/1/12
N2 - Increasing efforts are being made in securing the communication infrastructure used in electric power systems. On the surface, this should greatly reduce the chances of successfully executing the type of coordinated and distributed cyber attacks necessary to cause large-scale failures. However, existing communications security schemes in power control systems only consider explicit communications. In this paper, we show that there is a rich set of covert communication channels available to attackers for use in coordinating large-scale attacks against power grids. Specifically, we present PhyCo, a novel covert channel that leverages physical substrates, e.g., line loads, within a power system, to transmit information between compromised device controllers. Using PhyCo, two compromised controllers that are miles apart can coordinate their efforts by manipulating relays to modify the power network's topology. This can be done without requiring the use of any explicit communication channels, e.g., power line communications, and can evade intrusion detection sensors aimed at overt traffic. We have evaluated PhyCo using real-world programmable logic controllers on a realistic simulated power grid. Our results show that PhyCo can bypass existing intrusion detection sensors as well as physical inspections by carefully crafting covert communications to have minimal exterior consequences within normal operating thresholds.
AB - Increasing efforts are being made in securing the communication infrastructure used in electric power systems. On the surface, this should greatly reduce the chances of successfully executing the type of coordinated and distributed cyber attacks necessary to cause large-scale failures. However, existing communications security schemes in power control systems only consider explicit communications. In this paper, we show that there is a rich set of covert communication channels available to attackers for use in coordinating large-scale attacks against power grids. Specifically, we present PhyCo, a novel covert channel that leverages physical substrates, e.g., line loads, within a power system, to transmit information between compromised device controllers. Using PhyCo, two compromised controllers that are miles apart can coordinate their efforts by manipulating relays to modify the power network's topology. This can be done without requiring the use of any explicit communication channels, e.g., power line communications, and can evade intrusion detection sensors aimed at overt traffic. We have evaluated PhyCo using real-world programmable logic controllers on a realistic simulated power grid. Our results show that PhyCo can bypass existing intrusion detection sensors as well as physical inspections by carefully crafting covert communications to have minimal exterior consequences within normal operating thresholds.
UR - https://www.scopus.com/pages/publications/84922438423
UR - https://www.scopus.com/pages/publications/84922438423#tab=citedBy
U2 - 10.1109/SmartGridComm.2014.7007771
DO - 10.1109/SmartGridComm.2014.7007771
M3 - Conference contribution
T3 - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
SP - 952
EP - 957
BT - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Y2 - 3 November 2014 through 6 November 2014
ER -