Curriculum Vitae
My academic CV can be downloaded here, and my professional CV here.
Positions
2020
Researcher
Centre for Cyber and Information Security
Supervisor: Prof. Stephen D. Wolthusen
Norwegian University of Science and Technology
Norway
Developed a taxonomy of attack vectors and disruptions in grid level energy storage systems, within a modified IEC27005 and FAIR risk frameworks.
Developed a research and development plan of technical countermeasures.
Communicated a development plan to academic and industrial stakeholders.
2013
Accelerator physicist
Science and Technology Facilities Council
Supervisor: James Jones
UK
Built software that interfaced the Versatile Electron Linear Accelerator’s control with a particle physics simulation package in python.
Deployed a MYSQL database to backup and restore experiment data.
Education
2015-2020
PhD. Information Security
Royal Holloway, University of London
Thesis: On the Use of Queuing Networks to Test the Robustness of Security Protocols:
An Analysis of the Security Vulnerabilities of IEC61850 & IEC62351
Advisor: Prof. Stephen D. Wolthusen
Published [1]Developed and implemented a probabilistic formal method for verifying security protocols against DoS and De-synchronisation attacks in Matlab.
Deployed the implementation against the Smart Grid protocols IEC61850 and IEC60870. Discovered flaws in the multicast messaging services that allow low packet frequency denial of service attacks, and a de-synchronisation attack against the protocol’s control systems.
Created an abstract model to calculate the probability of success of injection attacks against a device.
2010-2015
MPhys Physics with Theoretical Physcis - 2:1
University of Manchester
Thesis: A Comparison of the Capabilities of the Plasma Accelerator Research Station at the
Proposed Compact Linear Accelerator for Research and Applications facility with linear limit of Plasma Wakefield theory
Advisor: Dr. Guoxing Xia
Prizes, Awards, and Fellowships
2017
Young CRITIS Award - Third place
Won for the paper 'De-synchronisation Attack Modelling in Real-Time Protocols using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol.'
2013
University of California Education Abroad Program
Publications
J. G. Wright and S. D. Wolthusen
A Formal Method for Discerning the Functional Limits of Security Protocols in the Face of Disruptive Advresaries.
Unpublished Manuscript
J. G. Wright and S. D. Wolthusen
Time Accuracy De-Synchronisation Attacks Against IEC 60870-5-104 and IEC 61850 Protocols.
In 2019 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT),
pages 1–5, 2019.
Accurate time synchronisation is a key requirement for control and automation protocols with (near) real time requirements such as the IEC 60870-5-104 and 61850 family of standards relying on IP transport, and also represents an attractive attack vector against power systems. We propose a modelling and analytical technique based on queueing theory and study model the behaviour of both protocol standard families for deliberately limited, weak adversaries. We demonstrate the efficacy of the model by identifying a way of undermining measurement and control signal QoS whilst remaining compliant with standards merely by varying inter-arrival rates of legitimate traffic, resulting in de-synchronisation.
J. G. Wright and S. D. Wolthusen
De-synchronisation Attack Modelling in Real-Time Protocols using Queue Networks: Attacking the ISO/IEC 61850 Substation Automation Protocol.
In Critical Information Infrastructures Security,
pages 131–143, 2018.
Applications developed for Supervisory Control And Data Acquisition (SCADA) protocols in several domains, particularly the energy sector, must satisfy hard real-time constraints to ensure the safety of the systems they are deployed on. These systems are highly sensitive to Quality of Service (QoS) violations, but it is not always clear whether a compliant implementation will satisfy the stated QoS of the standard. This paper proposes a framework for studying a protocol’s QoS properties based on a queuing network approach that offers a number of advantages over state machine or model-checking approaches.
The authors describe the framework as an instance of a network of M/M/1/K of queues with the block-after-service discipline, to allow for the analysis of probabilistic packet flows in valid protocol runs. This framework allows for the study of denial of service (DoS), performance degradation, and de-synchronisation attacks. The model is validated by a tool allowing automation of queue network analysis, and is used to demonstrate a possible breach of the QoS guarantees of the ISO/IEC 61850-7-2 substation automation standard with a de-synchronisation attack.
J. G. Wright and S. D. Wolthusen
Stealthy Injection Attacks Against IEC61850’s GOOSE Messaging Service.
In 2018 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe),
pages 1–6, 2018.
IEC61850 and IEC62351 combined provide a set of security promises for the communications channels that are used to run a substation automation system (SAS), that use IEC61850 based technologies. However, one area that is largely untouched by these security promises is the generic object oriented substation events (GOOSE) messaging service. GOOSE is designed to multicast commands and data across a substation within hard real time quality of service (QoS) requirements. This means that GOOSE is unable to implement the required security technologies as the added latency to any message would violate the QoS.
J. G. Wright and S. D. Wolthusen
Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol.
In Critical Information Infrastructures Security,
pages 239–251, 2017.
The ISO/IEC 61850 protocol for substation automation is a key component for the safe and efficient operation of smart grids, whilst offering a substantial range of functions. While extension standards, particularly ISO/IEC 62351 provide further security controls, the baseline protocol offers the assurances of access control and availability. In this paper a systematic study of selected aspects of the basic ISO/IEC 61850 protocol demonstrates that protocol-level vulnerabilities exist. The main finding is the development of a credential interception attack allowing an adversary, without credentials, to hijack a session during an initial association; the feasibility of this attack is proven using a formal language representation. A second attack based on a workflow amplification attack which relies on the assumptions in the protocol’s substation event model, which is independent of layered security controls and only relies on the protocol’s communication patterns is shown.
J. G. Wright and S. D. Wolthusen
Limitations of IEC62351-3’s Public Key Management.
In In 2016 IEEE 24th International Conference on Network Protocols (ICNP),
pages 1–6, 2016.
The ISO/IEC 62351 standard provides a set of security controls and protocols for communications in smart grids based on the ISO/IEC 60870, 61850, and DNP3 standards. It offers the protection goals of confidentiality, integrity, and authentication. In this paper we perform a systematic study of the ISO/IEC 62351-3 standard regarding the use of public key infrastructure in smart grid communication. We show that the standard at present does not align with the quality of service requirements for performance and interoperability in the ISO/IEC 61850 standard and thereby may jeopardise effective operations. We demonstrate that it is possible to claim conformance with the ISO/IEC 62351-3 standard but be vulnerable to denial of service attacks arising from insufficiently specified behaviour for public key certificate validation and revocation. Further issues can give rise to downgrade attacks against cipher suites and protocols used, allowing a man-in-the-middle attacks contrary to the standard's claims.
G. Xia, Y. Nie, O. Mete, K. Hanahoe, M. Dover, M. Wigram, J. G. Wright, J. Zhang, J. Smith, T. Pacey, Y. Li, Y. Wei, and C. Welsch.
Plasma Wakefield Acceleration at CLARA Facility in Daresbury Laboratory
In Nuclear Instruments and Methods in Physics Research Section A: Accelerators, Spectrometers, Detectors and Associated Equipment,
829:43–49, 2016.
A plasma accelerator research station (PARS) has been proposed to study the key issues in electron driven plasma wakefield acceleration at CLARA facility in Daresbury Laboratory. In this paper, the quasi-nonlinear regime of beam driven plasma wakefield acceleration is analysed. The wakefield excited by various CLARA beam settings are simulated by using a 2D particle-in-cell (PIC) code. For a single drive beam, an accelerating gradient up to 3 GV/m can be achieved. For a two bunch acceleration scenario, simulation shows that a witness bunch can achieve a significant energy gain in a 10–50 cm long plasma cell.
G. Xia, Y. Nie, O. Mete, K. Hanahoe, M. Dover, M. Wigram, J. G. Wright, J. Zhang, J. Smith, T. Pacey, Y. Li, Y. Wei, and C. Welsch.
Design Studies and Commissioning Plans for PARS Experimental Program.
In 6th International Particle Accelerator Conference,
page WEPWA048, 2015.
PARS (Plasma Acceleration Research Station) is an electron beam driven plasma wakefield acceleration test stand proposed for VELA/CLARA facility in Daresbury Laboratory. In order to optimise various operational configurations, 2D numerical studies were performed by using VSIM for a range of parameters such as bunch length, radius, plasma density and positioning of the bunches with respect to each other for the two-beam acceleration scheme. In this paper, some of these numerical studies and considered measurement methods are presented.
G. Xia, Y. Nie, O. Mete, K. Hanahoe, M. Dover, M. Wigram, J. G. Wright, J. Zhang, J. Smith, T. Pacey, Y. Li, Y. Wei, and C. Welsch.
Design Studies and Commissioning Plans for PARS Experimental Program.
In Physics of Plasmas,
22(10):103117, 2015.
Plasma acceleration research station is an electron beam driven plasma wakefield acceleration test stand proposed for CLARA facility in Daresbury Laboratory. In this paper, the interaction between the electron beam and the plasma is numerically characterised via 2D numerical studies by using VSIM code. The wakefields induced by a single bunch travelling through the plasma were found to vary from 200 MV/m to 3 GV/m for a range of bunch length, bunch radius, and plasma densities. Energy gain for the particles populating the bunch tail through the wakefields driven by the head of the bunch was demonstrated. After determining the achievable field for various beams and plasma configurations, a reference setting was determined for further studies. Considering this reference setting, the beam quality studies were performed for a two-bunch acceleration case. The maximum energy gain as well as the energy spread mitigation by benefiting from the beam loading was investigated by positioning the witness and driver bunches with respect to each other. Emittance growth mechanisms were studied considering the beam-plasma and beam-wakefield interactions. Eventually, regarding the findings, the initial commissioning plans and the aims for the later stages were summarised.
Invited Talks
2020 - The Reflective Mathematician
Cambridge Ethics in Mathematics Society
2018 - Over the Mountain of Abstraction
The First Meeting on Ethics in Mathematics
2018 - The Dangers of Researching in STEM
Cambridge Ethics in Mathematics Society
2017 - Helper
Queen Mary, University of London’s Intersections Cryptoparty
Scientific Activity
2015-2019
Member
RHUL ISG and Maths Staff Student Committee
Royal Holloway, University of London
Mediated conflicts between staff and students within the department
Lead a survey on desk usage within the department
2016-2017
Founder and Organiser
RHUL Security Ethics Discussion Group
Royal Holloway, University of London
Lead a weekly discussion group on the implications on cyber-security technologies.
2014-2015
Representative
UoM Physics Department Staff Student Committee
University of Manchester
Lobbied to overturn the department’s policy to ban calculators in exams.
Other Experience
2014
Intern
University of Manchester’s Mathematical Physics group
University of Manchester
UK
Created a software package, using python and the mayavi graphing library, to model and visualise the motion of groups of vortices on different.
2012
Intern
Supervisor: Prof. Paul Popelier
University of Manchester
UK
Analysed a simulation package, written in Fortran 90, to document the underlying mathematics.
Improved the simulation by implementing more physically realistic a algorithm.