{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T16:18:59Z","timestamp":1778948339415,"version":"3.51.4"},"reference-count":29,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2018,8,6]],"date-time":"2018-08-06T00:00:00Z","timestamp":1533513600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2019,3,29]]},"abstract":"Most of the world\u2019s power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated.<\/jats:p>\n We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol\u2019s sub-protocols. In doing so, we consider the full state machine, the protocol\u2019s asymmetric mode, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard\u2019s intended security properties. For our analysis, we leverage the Tamarin\u00a0prover for the symbolic analysis of security protocols.<\/jats:p>\n Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.<\/jats:p>","DOI":"10.3233\/jcs-181139","type":"journal-article","created":{"date-parts":[[2018,8,10]],"date-time":"2018-08-10T10:52:14Z","timestamp":1533898334000},"page":"203-232","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":22,"title":["Secure authentication in the grid: A\u00a0formal\u00a0analysis\u00a0of\u00a0DNP3\u00a0SAv5"],"prefix":"10.1177","volume":"27","author":[{"given":"Cas","family":"Cremers","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center i.G., Saarland Informatics Campus, Saarbr\u00fccken, Germany. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Dehnel-Wild","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin","family":"Milner","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2018,8,6]]},"reference":[{"key":"ref001","unstructured":"Alliance for Telecommunications Industry Solutions, Glossary, http:\/\/www.atis.org\/glossary\/definition.aspx?id=3961 (Accessed April 2017)."},{"key":"ref002","doi-asserted-by":"crossref","unstructured":"R.\u00a0Amoah, Formal security analysis of the DNP3-Secure Authentication Protocol, PhD thesis, Queensland University of Technology, 2016.","DOI":"10.1016\/j.jnca.2015.05.015"},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.05.015"},{"key":"ref004","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2016.2587883"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"R.\u00a0Amoah, S.\u00a0Suriadi, S.A.\u00a0\u00c7amtepe and E.\u00a0Foo, Security analysis of the non-aggressive challenge response of the DNP3 protocol using a CPN model, in: IEEE International Conference on Communications, ICC 2014, 2014, pp.\u00a0827\u2013833. doi:10.1109\/ICC.2014.6883422.","DOI":"10.1109\/ICC.2014.6883422"},{"key":"ref006","unstructured":"D.\u00a0Basin, C.\u00a0Cremers, J.\u00a0Dreier, S.\u00a0Meier, S.\u00a0Radomirovic, R.\u00a0Sasse, L.\u00a0Schmid and B.\u00a0Schmidt, The Tamarin Prover Manual, 2016, https:\/\/tamarin-prover.github.io\/manual\/book\/001_introduction.html, Creative Commons: Attribution-NonCommercial-ShareAlike 4.0 International License."},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.162"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"D.J.\u00a0Bernstein, T.\u00a0Lange and R.\u00a0Niederhagen, Dual EC: A Standardized Back Door, 2015, https:\/\/eprint.iacr.org\/2015\/767.pdf.","DOI":"10.1007\/978-3-662-49301-4_17"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"K.\u00a0Bhargavan, A.\u00a0Delignat-Lavaud, C.\u00a0Fournet, A.\u00a0Pironti and P.\u00a0Strub, Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS, in: 2014 IEEE Symposium on Security and Privacy, 2014, pp.\u00a098\u2013113. doi:10.1109\/SP.2014.14.","DOI":"10.1109\/SP.2014.14"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"C.\u00a0Boyd and A.\u00a0Mathuria, Protocols for Authentication and Key Establishment, Information Security and Cryptography, Springer, 2003, ISBN 978-3-642-07716-6. doi:10.1007\/978-3-662-09527-0.","DOI":"10.1007\/978-3-662-09527-0"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"C.\u00a0Cremers, M.\u00a0Dehnel-Wild and K.\u00a0Milner, Secure authentication in the grid: A formal analysis of DNP3: SAv5, in: Computer Security\u00a0\u2013 ESORICS 2017\u00a0\u2013 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11\u201315, 2017, Proceedings, Part I, S.N.\u00a0Foley, D.\u00a0Gollmann and E.\u00a0Snekkenes, eds, Lecture Notes in Computer Science, Vol.\u00a010492, Springer, 2017, pp.\u00a0389\u2013407. ISBN 978-3-319-66401-9. doi:10.1007\/978-3-319-66402-6_23.","DOI":"10.1007\/978-3-319-66402-6_23"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"C.\u00a0Cremers, M.\u00a0Dehnel-Wild and K.\u00a0Milner, DNP3 Secure Authentication v5 Tamarin Model (with Asymmetric mode of UKCP), 2018, https:\/\/github.com\/tamarin-prover\/tamarin-prover\/tree\/develop\/examples\/jcs18\/.","DOI":"10.23919\/FMCAD.2017.8102229"},{"key":"ref013","doi-asserted-by":"crossref","unstructured":"J.P.\u00a0Degabriele, V.\u00a0Fehr, M.\u00a0Fischlin, T.\u00a0Gagliardoni, F.\u00a0G\u00fcnther, G.A.\u00a0Marson, A.\u00a0Mittelbach and K.G.\u00a0Paterson, Unpicking PLAID\u00a0\u2013 a cryptographic analysis of an ISO-standards-track authentication protocol, in: Security Standardisation Research\u00a0\u2013 First International Conference, SSR 2014, 2014, pp.\u00a01\u201325.","DOI":"10.1007\/978-3-319-14054-4_1"},{"key":"ref014","unstructured":"DNP Users Group, A DNP3 Protocol Primer (Revision A), 2005, https:\/\/www.dnp.org\/AboutUs\/DNP3%20Primer%20Rev%20A.pdf (Accessed April 2017)."},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"ref016","doi-asserted-by":"crossref","unstructured":"S.\u00a0East, J.\u00a0Butts, M.\u00a0Papa and S.\u00a0Shenoi, A taxonomy of attacks on the DNP3 protocol, in: Critical Infrastructure Protection III\u00a0\u2013 Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, 2009, pp.\u00a067\u201381.","DOI":"10.1007\/978-3-642-04798-5_5"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"N.\u00a0Gura, A.\u00a0Patel, A.\u00a0Wander, H.\u00a0Eberle and S.C.\u00a0Shantz, Comparing elliptic curve cryptography and RSA on 8-bit CPUs, in: CHES 2004, 2004, pp.\u00a0119\u2013132.","DOI":"10.1007\/978-3-540-28632-5_9"},{"key":"ref018","unstructured":"IEC, IEC\/TS 62351-5:2013, Power systems management and associated information exchange\u00a0\u2013 Data and communications security\u00a0\u2013 Part 5: Security for IEC 60870-5 and derivatives,\n International Electrotechnical Commission\n (2013)."},{"key":"ref019","unstructured":"IEC, IEC\/TS 62351-2:2008, Power systems management and associated information exchange\u00a0\u2013 Data and communications security\u00a0\u2013 Part 2: Glossary of terms,\n International Electrotechnical Commission\n (2008)."},{"key":"ref020","unstructured":"IEEE, 1815-2012\u00a0\u2013 IEEE Standard for Electric Power Systems Communications-Distributed Network Protocol (DNP3),\n IEEE Std 1815-2012 (Revision of IEEE Std 1815-2010)\n (2012), 1\u2013821, http:\/\/ieeexplore.ieee.org\/document\/6327578\/."},{"key":"ref021","unstructured":"ISO\/IEC, ISO\/IEC 9798-1:1997, Part 1: General, 1997, https:\/\/www.iso.org\/standard\/27743.html (Accessed April 2017)."},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"J.\u00a0Kelsey, B.\u00a0Schneier and D.A.\u00a0Wagner, Protocol interactions and the chosen protocol attack, in: Security Protocols, 5th Workshop, 1997, pp.\u00a091\u2013104.","DOI":"10.1007\/BFb0028162"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"G.\u00a0Lowe, A hierarchy of authentication specifications, in: Proceedings 10th Computer Security Foundations Workshop, 1997, pp.\u00a031\u201343, ISSN 1063-6900. doi:10.1109\/CSFW.1997.596782.","DOI":"10.1109\/CSFW.1997.596782"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"N.\u00a0Mavrogiannopoulos, F.\u00a0Vercauteren, V.\u00a0Velichkov and B.\u00a0Preneel, A cross-protocol attack on the TLS protocol, in: ACM CCS\u201912, 2012, pp.\u00a062\u201372. doi:10.1145\/2382196.2382206.","DOI":"10.1145\/2382196.2382206"},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"S.\u00a0Meier, B.\u00a0Schmidt, C.\u00a0Cremers and D.\u00a0Basin, The TAMARIN prover for the symbolic analysis of security protocols, in: Proceedings of the 25th International Conference on Computer Aided Verification, CAV\u201913, Springer-Verlag, 2013, pp.\u00a0696\u2013701. ISBN 978-3-642-39798-1. doi:10.1007\/978-3-642-39799-8_48.","DOI":"10.1007\/978-3-642-39799-8_48"},{"key":"ref026","doi-asserted-by":"crossref","unstructured":"K.G.\u00a0Paterson and T.\u00a0van\u00a0der Merwe, Reactive and proactive standardisation of TLS, in: Security Standardisation Research, 2016, pp.\u00a0160\u2013186. doi:10.1007\/978-3-319-49100-4_7.","DOI":"10.1007\/978-3-319-49100-4_7"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"R.\u00a0Shirey, RFC 2828\u00a0\u2013 Internet security glossary, 2000, 2000, https:\/\/www.ietf.org\/rfc\/rfc2828.txt (Accessed April 2017).","DOI":"10.17487\/rfc2828"},{"key":"ref028","unstructured":"M.\u00a0Stevens, E.\u00a0Bursztein, P.\u00a0Karpman, A.\u00a0Albertini et\u00a0al., Announcing the first SHA1 collision, 2017, https:\/\/security.googleblog.com\/2017\/02\/announcing-first-sha1-collision.html (Accessed April 2017)."},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"R.\u00a0Tawde, A.\u00a0Nivangune and M.\u00a0Sankhe, Cyber security in smart grid SCADA automation systems, in: 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015, pp.\u00a01\u20135.","DOI":"10.1109\/ICIIECS.2015.7192918"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-181139","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-181139","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-181139","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:17Z","timestamp":1777495517000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-181139"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,6]]},"references-count":29,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,3,29]]}},"alternative-id":["10.3233\/JCS-181139"],"URL":"https:\/\/doi.org\/10.3233\/jcs-181139","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8,6]]}}}