A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing
The existing fuzzing methods for industrial control protocol do not consider the characteristics of the embedded terminal systems, and have few research on the industrial control protocol without TCP/IP. Firstly, a fuzzing-based method for mining generic object-oriented substation event (GOOSE) prot...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
State Grid Energy Research Institute
2022-04-01
|
| Series: | Zhongguo dianli |
| Subjects: | |
| Online Access: | https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202109105 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850053981976395776 |
|---|---|
| author | Linbin LIU Quanqiang MIAO June LI |
| author_facet | Linbin LIU Quanqiang MIAO June LI |
| author_sort | Linbin LIU |
| collection | DOAJ |
| description | The existing fuzzing methods for industrial control protocol do not consider the characteristics of the embedded terminal systems, and have few research on the industrial control protocol without TCP/IP. Firstly, a fuzzing-based method for mining generic object-oriented substation event (GOOSE) protocol parsing vulnerabilities is proposed: the mutation mode is used to generate test cases, and three mutation strategies are presented based on GOOSE message field type, abstract syntax notation one (ASN.1) encoding mode and bit reversal; two terminal abnormalities monitoring methods are proposed based on GOOSE heartbeat message and system operation information. Then, the implementation system architecture and test process of the proposed method are designed. Two undisclosed GOOSE protocol parsing vulnerabilities are discovered in testing the embedded terminals of a manufacturer in a smart substation laboratory environment, which verifies the effectiveness of the proposed method. Finally, recommendations for preventing malformed message attacks are put forward based on such vulnerabilities. |
| format | Article |
| id | doaj-art-2b73c07d848b43b3af3714f8c4eec40c |
| institution | DOAJ |
| issn | 1004-9649 |
| language | zho |
| publishDate | 2022-04-01 |
| publisher | State Grid Energy Research Institute |
| record_format | Article |
| series | Zhongguo dianli |
| spelling | doaj-art-2b73c07d848b43b3af3714f8c4eec40c2025-08-20T02:52:24ZzhoState Grid Energy Research InstituteZhongguo dianli1004-96492022-04-01554334310.11930/j.issn.1004-9649.202109105zgdl-55-04-liubinbinA Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on FuzzingLinbin LIU0Quanqiang MIAO1June LI2Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (School of Cyber Science and Engineering, Wuhan University), Wuhan 430072, ChinaKey Laboratory of Electro-optical Countermeasures Test & Evaluation Technology, Luoyang 471000, ChinaKey Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (School of Cyber Science and Engineering, Wuhan University), Wuhan 430072, ChinaThe existing fuzzing methods for industrial control protocol do not consider the characteristics of the embedded terminal systems, and have few research on the industrial control protocol without TCP/IP. Firstly, a fuzzing-based method for mining generic object-oriented substation event (GOOSE) protocol parsing vulnerabilities is proposed: the mutation mode is used to generate test cases, and three mutation strategies are presented based on GOOSE message field type, abstract syntax notation one (ASN.1) encoding mode and bit reversal; two terminal abnormalities monitoring methods are proposed based on GOOSE heartbeat message and system operation information. Then, the implementation system architecture and test process of the proposed method are designed. Two undisclosed GOOSE protocol parsing vulnerabilities are discovered in testing the embedded terminals of a manufacturer in a smart substation laboratory environment, which verifies the effectiveness of the proposed method. Finally, recommendations for preventing malformed message attacks are put forward based on such vulnerabilities.https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202109105fuzzinggoose protocolgrid embedded terminalvulnerability miningmalformed message attack |
| spellingShingle | Linbin LIU Quanqiang MIAO June LI A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing Zhongguo dianli fuzzing goose protocol grid embedded terminal vulnerability mining malformed message attack |
| title | A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing |
| title_full | A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing |
| title_fullStr | A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing |
| title_full_unstemmed | A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing |
| title_short | A Method for Mining GOOSE Protocol Parsing Vulnerabilities Based on Fuzzing |
| title_sort | method for mining goose protocol parsing vulnerabilities based on fuzzing |
| topic | fuzzing goose protocol grid embedded terminal vulnerability mining malformed message attack |
| url | https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202109105 |
| work_keys_str_mv | AT linbinliu amethodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing AT quanqiangmiao amethodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing AT juneli amethodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing AT linbinliu methodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing AT quanqiangmiao methodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing AT juneli methodformininggooseprotocolparsingvulnerabilitiesbasedonfuzzing |