Cyber security of IED devices used in Smart Grid Applications
Number of Students : 2
Guides : Haresh Dagale, Chandramani Singh
Introduction:
IED devices are embedded devices whose internal contents (hardware and firmware) are largely opaque to the operator. Any vulnerability planted in them, intentionally or unintentionally, can have serious consequences. There are no independent tools available for the security analysis of such devices, which constitute a basic building block of the power grid network.
Description:
An Intelligent Electronic Device (IED) is a critical embedded device in the power grid OT network. These devices need to be trustworthy for the OT network to be secure and reliable. Any vulnerability, intentional or otherwise, can have very serious implications for grid security. It is therefore important to build security analysis tools for evaluating IEDs for hardware or software vulnerabilities that could be exploited to attack the power grid network. Further, it is also important to build a dataset [1] of firmware images that can be used for security analysis and to keep track of vulnerabilities as they get reported. This database will be useful in validating field-deployed embedded devices. Further, static and dynamic software analysis tools can be used to examine calls to vulnerable libraries or unexpected calls to hidden malicious code.
Technical Approach:
We need to extract binary images from commonly used IEDs and develop a binary analysis tool that uses various techniques to extract features, for example library calls, from the binary image. We can leverage the fact that software components are reused often; in particular, open-source software components are used in many products to shorten their development cycles. The extracted features will allow us to determine the external software components used to build the binary and to flag any vulnerability that has been reported for them. The binary analysis will also allow us to build software call graphs, which in turn can be used to determine how frequently a given routine is used and to detect dormant code, if any. In some cases, physical access to the device gives a malicious user the opportunity to compromise the IED through the hardware interfaces that accept inputs from the outside world. Therefore, the security analysis must also include visual inspection and interrogation of hardware interfaces for possible unauthorized access in case a malicious person gains physical access to the device.
References:
[1] P. Shirani, L. Collard, B. Label, M. Debbabi, L. Wang, et al., "BINARM: Scalable and Efficient Detection of Vulnerabilities in Firmware Images of Intelligent Electronic Devices," Springer International Publishing, pp. 114–138, 2018.