CISPA
Browse
cispa_all_2651.pdf (791.98 kB)

Secure authentication in the grid: A formal analysis of DNP3 SAv5

Download (791.98 kB)
journal contribution
posted on 2023-11-29, 18:07 authored by Cas CremersCas Cremers, Martin Dehnel-Wild, Kevin Milner
Most of the world's power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol's sub-protocols. In doing so, we consider the full state machine, the protocol's asymmetric mode, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard's intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols. Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.

History

Preferred Citation

Cas Cremers, Martin Dehnel-Wild and Kevin Milner. Secure authentication in the grid: A formal analysis of DNP3 SAv5. In: Journal of Computer Security. 2019.

Primary Research Area

  • Reliable Security Guarantees

Legacy Posted Date

2018-09-25

Journal

Journal of Computer Security

Pages

203 - 232

Open Access Type

  • Green

Sub Type

  • Article

BibTeX

@article{cispa_all_2651, title = "Secure authentication in the grid: A formal analysis of DNP3 SAv5", author = "Cremers, Cas and Dehnel-Wild, Martin and Milner, Kevin", journal="{Journal of Computer Security}", year="2019", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC