By Topic

TCP veto: A novel network attack and its Application to SCADA protocols

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
John T. Hagen ; Electrical and Computer Engineering Department, Air Force Institute of Technology, WPAFB, OH 45433 USA ; Barry E. Mullins

TCP veto is a detection-resistant variation of the TCP connection hijacking attack. While not limited to SCADA protocols, Modbus TCP, the Ethernet Industrial Protocol (EtherNet/IP), and the Distributed Network Protocol (DNP3) each meet the necessary assumptions of the attack. Experimental results reveal that the integrity of messages transmitted using each of the three SCADA protocols are vulnerable to TCP veto. Additionally, TCP veto produces up to 600 times less network traffic during its attack than connection hijacking. This work underscores the vulnerability of current SCADA protocols that communicate over TCP/IP to network attack. A method to definitively identify TCP veto requires a detection system to perform deep packet inspection on every TCP packet of a monitored connection. Methods for mitigating the attack through message authentication include implementing DNP3 with Secure Authentication, tcpcrypt, or Internet Protocol Security (IPsec).

Published in:

Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES

Date of Conference:

24-27 Feb. 2013