Abstract-Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for the Jamming attack does not defend against other attacks (e.g., Sybil and Selective Forwarding). In reality, one cannot know a priori what type of attack an adversary will launch. This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers statistics relevant for the defense mechanisms. The MCore allows for the monitoring of both internal and external threats and supports the execution of multiple detection and defense mechanisms (DDMs) against different threats in parallel. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation of memory, communication, and sensing components shows that Di-Sec is feasible on today's resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the basic functionality of Di-Sec by implementing and simultaneously executing DDMs for attacks at various layers of the communication stack (i.e., Jamming, Selective Forwarding, Sybil, and Internal attacks).
The purpose of network traffic characterization is to explore unknown patterns in different types of network communications to help improve many aspects of the network. While many previous studies have explored the characterization of many different networks (e.g., university networks), the power grid network (and other SCADA networks) characterization has not yet been studied. In this paper, we provide a characterization of the power grid network to answer questions like the following: i) how stable is the communication based on configurations?; ii) are there different observable traffic patterns in different vendor equipment?; iii) are there trends in the network traffic?; iv) can information be gathered from the traffic characterization to help secure the power grid network? To address these questions, we have collected power grid network traffic in a live substation for two months and conducted an empirical study to identify network traffic behaviors in the live substation. Our empirical study shows different behaviors between the devices and vendors when they communicate with each other.
Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
No abstract
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.