Enhanced Authentication and Device Integrity Protection for GDOI using
Blockchain
Abstract
The new wave of device-level cyber-attacks has targeted critical IoT
applications, such as power distribution systems integrated
with the Internet communications infrastructure. These systems utilise
Group Domain of Interpretation (GDOI) as designated by the International
Electrotechnical Commission (IEC) power utility standards IEC 61850 and
IEC 62351. However, GDOI cannot protect against novel threats, such as
IoT device-level attacks that can modify device firmware and
configuration files to create malicious command-and-control
communication. As a result, such attacks can compromise substations
with potentially catastrophic consequences. With this in mind, this
article proposes a permissioned/private blockchain-based authentication
framework that provides a solution to current security threats such as
the IoT device-level attacks. Our work improves the GDOI protocol
applied in critical IoT applications by achieving decentralized and
distributed device authentication. The security of our proposal is
demonstrated against known attacks as well as through formal
mechanisms via the joint use of the AVISPA and SPAN tools. The proposed
approach adds negligible authentication latency, thus ensuring
appropriate scalability as the number of nodes increases.