Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Disruption of Commercial Solar Inverter System by TLS Proxy Man-in-the-Middle Attack

Journal Article · · 2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS)
 [1];  [2];  [2];  [2];  [2];  [2]
  1. Texas A&M Univ., Kingsville, TX (United States); Texas A&M University-Kingsville
  2. Texas A&M Univ., Kingsville, TX (United States)
+ Show Author Affiliations

Transport Layer Security (TLS) is a cryptographic protocol that encrypts communication data, providing end-to-end communication encryption and authentication. Currently, TLS is widely adopted for securing communication between servers and end devices, including solar inverter systems. Therefore, users/operators can securely access the solar inverters through a web user interface (WebUI) application programmable interface (API) on a PC or server over TLS-enabled Wi-Fi or Ethernet. However, the security of the TLS-based network becomes compromised if it is breached by a TLS proxy man-in-the-middle (MITM) exploit. This report explores potential vulnerabilities in a commercial solar inverter system that leverages a TLS proxy MITM and discusses the impacts through assume-breached penetration testing. Furthermore, the paper explores recommended mitigation methods against the TLS proxy MITM exploit in solar inverters.

Research Organization:
Univ. of Arkansas, Fayetteville, AR (United States)
Sponsoring Organization:
USDOE Office of Energy Efficiency and Renewable Energy (EERE), Renewable Power Office. Solar Energy Technologies Office; National Science Foundation (NSF)
Grant/Contract Number:
EE0009026
OSTI ID:
2345004
Journal Information:
2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS), Journal Name: 2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS) Vol. None; ISSN 2769-3899
Publisher:
IEEECopyright Statement
Country of Publication:
United States
Language:
English

References (7)

Cybersecurity for distributed energy resources and smart inverters journal December 2016
Cyber Security Risk Assessment of Solar PV Units with Reactive Power Capability conference October 2018
On a Future for Smart Inverters with Integrated System Functions conference June 2018
MitM Tool Analysis for TLS Forensics conference August 2021
An Overview of Cyber-Resilient Smart Inverters Based on Practical Attack Models journal April 2024
Off-Path Attacks Against PKI conference October 2018
The Security Impact of HTTPS Interception conference January 2017

Similar Records

Blockchain-Based Man-in-the-Middle (MITM) Attack Detection for Photovoltaic Systems
Conference · Mon Sep 06 00:00:00 EDT 2021 · 2021 IEEE Design Methodologies Conference (DMC) · OSTI ID:2344947
A Cryptographic Method for Defense Against MiTM Cyber Attack in the Electricity Grid Supply Chain
Conference · Sun Apr 24 00:00:00 EDT 2022 · 2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT) · OSTI ID:1997526
Provably Secure Password-based Authentication in TLS
Conference · Mon Dec 19 23:00:00 EST 2005 · OSTI ID:881394

Related Subjects

97 MATHEMATICS AND COMPUTING
cybersecurity
man-in-the-middle attack
penetration testing
solar inverter
transport layer security proxy