Vulnerability Analysis Of IEEE 1588 Precise Time Protocol

With the development of the industrial informatization, the problems of security in Industrial Control Network have been gradually exposed, which mainly involves specified industrial communication protocols. Precise time protocol as one of the most important industrial communication protocols, ensures the real-time performance of industrial control system. Considering that the related researches have not yet formed a mature system, in this thesis, we regard IEEE 1588 PTP as the object of vulnerability analysis creatively. The work carried out in this thesis is as follow:(1) A method of analyzing the reachability of the vulnerable state of precise time protocol based on colored Petri net is proposed. Colored Petri net is introduced as a modeling tool. The colored Petri net models of normal precise time protocol and precise time protocol under MIM (Man-in-the-middle) attack are built respectively. The reachability issue of vulnerable state of precise time protocol is transformed into solving linear equation through introducing sate equation, sate transition matrix. The attack sequence is then obtained. After determining the reachability of vulnerable state through judging the validity of the attack sequence, the existence of available vulnerability of precise time protocol is proved.(2) A method of analyzing the steady-state probability of the vulnerable state of precise time protocol based on stochastic Petri net is proposed. Stochastic Petri net is introduced as a modeling tool. The stochastic Petri net model of precise time protocol under MIM attack is then built. According to the isomorphic Markov chain obtained from the stochastic model we built before, the steady-state probability expressions of all states in the process of precise time protocol can be obtained. Through changing state transition rate of several vulnerability-related states, the change of steady-state probability of ending normally state and ending abnormally state (also known as vulnerable state) are achieved. Larger the steady-state probability of vulnerable state is, more vulnerable the precise time protocol is, and more probable the real-time clock of node device will be manipulated by the attacker. In accordance with the result of simulation, the state transition rate which affects the vulnerability of precise time protocol can be determined, and can also be reflected as the corresponding parameters in practical industrial field. At last, the factors that have impacts on vulnerability of precise time protocol are determined and quantitatively indicated.(3) A method of analyzing the optimal strategy of utilizing the vulnerability of precise time protocol is proposed based on stochastic game. Firstly, the stochastic model of clock synchronization protocol under rational attack from outside is built. In this model, security and dependability issues have been taken into consideration, and multi-path of vulnerability utilization is introduced. What’s more, game factor is introduced based on the stochastic model in order to depict the process of state transition, and then the stochastic model is obtained. The parameters of this model are quantized according to the configurations used in practical industrial field. The NE (Nash Equilibrium) of each game element, namely the optimal strategy of atomic attack, can therefore be obtained through iterative computation. At last the optimal strategy of utilizing the vulnerability of precise time protocol, namely the strategy that realizes the attack with the minimum costs of rational attackers, can be obtained. At the same time, the preference of attackers’, namely the fact that among all the messages involved in the process of time synchronization, traditional attackers tend to regard synchronization request message and synchronization response message as the attacking target, are obtained.