Investigation of Complex Cybersecurity Attacks on Synchronisation and Time-Aware Shaping in a TSN-Network

Industry 4.0 requires a convergence of the Information Technology (IT) and Operational Technology (OT) world. Therefore, a common communication medium such as Ethernet is required to fulfill the demands of both worlds. Time-Sensitive Networking (TSN) was implemented by the Institute of Electrical and Electronics Engineers (IEEE) to enable the real-time capabilities for Ethernet, which are required in the OT world. However, TSN neglect security aspects, visible in the high amount of vulnerabilities according to prior research. This paper investigates the influence of given synchronisation attacks onto the associated Time-Aware Shaper (TAS) of the attacked device.
For this a test bench was created, in which the effects of the attacks on the synchronisation are emulated. Hereby the influence of common attack patterns, such as a Denial-of-Service (DoS), an Adversary-in-the-Middle (AitM) and a replay attacks are emulated onto the synchronisation of the network. The impact of the attack emulation on the TAS was then investigated. The results show that the replay attack as well as the manipulation of the timestamps as an AitM, shift the time of frame transmission in their respective ways. The DoS attack on the synchronisation also lead to an asynchronous behaviour of the device’s TAS. This however happened, because the PTP client stops its synchronisation with the connected device, after a given threshold of missed frames was exceeded. Furthermore, this impact on the TAS can be used as an indication for an intrusion detection system, that a potential attack on the synchronisation has occurred. This can be achieved by observing the behaviour of the gate events from the observed device.