Jia-Yi Jhan,Hung-Min Sun

DOI: https://doi.org/10.48550/arXiv.2312.05665

2023-12-10

Abstract:The core component of an Industrial Control System (ICS) is often a Programmable Logic Controller (PLC) combined with various modules. In such systems, the communication between devices is mainly based on the Modbus protocol, which was developed by Modicon (now Schneider Electric) in 1979 as an application-level communication protocol and has become a de facto standard for ICS for the past 40 years. Modbus TCP is a variant of this protocol for communications over the TCP/IP network. However, the Modbus protocol was not designed with security in mind, and the use of plaintext transmissions during communication makes information easily accessible to the attackers, while the lack of an authentication mechanism gives any protocol-compliant device the ability to take over control. In this study, we use the eBPF technology to shift the process of protocol change to the lower level of the operating system, making the change transparent to the existing software, and enhancing the security of the Modbus TCP protocol without affecting the existing software ecosystem as much as possible.

Cryptography and Security

Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

L. Rajesh,Penke Satyanarayana

DOI: https://doi.org/10.1007/s11277-023-10738-0

IF: 2.017

2023-09-21

Wireless Personal Communications

Abstract:Industrial control systems (ICS) like supervisory control and data acquisition (SCADA) systems play a crucial role in monitoring and controlling various process industries in national critical infrastructures. They are connecting to internet and highly inter-connected corporate networks for sharing the field data to third party heterogeneous systems like enterprise resource planning, third party SCADA systems etc. Even though it helps to share the data for monitoring and control of systems, it also opens the doors for cyber-attacks. It needs to strengthen the cyber security of these SCADA systems. There are various components in SCADA systems which requires to build security in these components. Generally, most of the SCADA systems uses MODBUS communication protocol for scanning the PLC devices to acquire the field data. The communication protocol security is one of the main components which was little addressed. The MODBUS protocol was developed without security in mind because security aspect was not a concern in closed environments of industrial control systems. It is highly vulnerable to cyber-attacks. There are some methods already developed by scholars to implement security in MODBUS protocol, but the existing methods modified the MODBUS frame formats. Hence, they are not suitable to the existing legacy systems because they do not support interoperability between various industry manufacturer’s products. Another critical problem in existing methods is all the required security features were not implemented in a single method which would satisfy the security features like integrity, confidentiality, non-repudiation, authorization and authentication. In this paper, we designed and developed a new method by developing Secure Modbus Gateway Server and Client modules to provide secure data transfer between data acquisition servers and PLCs. In this methodology, the modules were developed using RSA and AES algorithms for achieving confidentiality and non-repudiation, SHA algorithm to provide integrity of the message. These modules also support authorization and authentication features. The time stamp in the Modbus frame was also included and transmitted to prevent replay attacks. The advantages of these modules/methodology are, it supports all required features for secure data transfer like integrity, confidentiality, non-repudiation, authorization and authentication. They also provide time stamp, frame filtering and exception response alarm triggering features. These modules also support interoperability and they can be easily installed in existing legacy systems. We measured performance metrics like attack resilience rate (ARP), attack penetration rate (APR) and overheads. This method protects the ICS system for 97% of attacks. The overhead on protocol was also calculated and it is found that 3.5% extra delay in round trip time which is very minor and can be tolerated in exchange of the important security benefits offered.

telecommunications

Santiago Figueroa-Lorenzo,Javier Añorga,Saioa Arrizabalaga

DOI: https://doi.org/10.3390/s19204455

2019-10-14

Abstract:Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

Xuhong Li,Guan Wang,Wenwen Pan

DOI: https://doi.org/10.1504/ijaacs.2021.114289

2021-01-01

International Journal of Autonomous and Adaptive Communications Systems

Abstract:Aiming at the security problems of data monitoring, and forgery and tampering in the process of wireless communication network, this paper proposes a lightweight data encryption algorithm based on dynamic key, in which an authentication scheme combining with the characteristics of communication system is constructed. Firstly, the communication network structure is constructed based on encryption algorithm by using C/S security agent model. Furthermore, the data symmetric encryption and decryption are completed by using exclusive OR algorithm. In addition, adopting hash algorithm which can complete data integrity authentication, and reduce resource consumption in keys and message. The libmodbus open source libraries are employed to simulate the master/slave device communication, and simulation results show that the improved scheme ensures the synchronisation and accurate key updating, realises the self-organisation and management of the key. At the same time, the proposed algorithm has great advantages in resource consumption, compared with other algorithms.

Junlei Qian,Changchun Hua,Xinping Guan,Tiefeng Xin,Limin Zhang

DOI: https://doi.org/10.1109/access.2019.2909011

IF: 3.9

2019-01-01

IEEE Access

Abstract:Supervisory control and data acquisition (SCADA) is a widely implemented structure to achieve remote measurement and control in many iron and steel plants. In traditional consideration, more attention on physical network separation methods is paid to isolate the SCADA system from management network to keep SCADA in a considered "safe" state. In addition, lots of security solution providers are focusing on the network side security assurance without involving the SCADA communication level protection. This paper investigates a new trusted-ID referenced key scheme for securing SCADA communications efficiently. The advanced encryption standard algorithm is used in the data transmission for its fast calculating speed, and the elliptic curve cryptography digital signature algorithm is used to confirm the data package that is from the right ID which can avoid the measured values and the control instructions to be maliciously modified by attacker. This solution for securing SCADA communication provides an efficient way to protect the data and protocol between the controllers and the remote terminal units (RTUs), and offers an authentication for the communication, which can avoid Man-In-The-Middle attack. Random numbers are used as a session key that can avoid the replay attack. cipher-block chaining mode message authentication code calculation is used to meet the data integrity requirement. Gong Needham Yahalom logic is used to prove the security of this solution, and an example is given to verify its validity.

Yu-Sheng Yang,Shih-Hsiung Lee,Wei-Che Chen,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/s21082685

IF: 3.9

2021-04-11

Sensors

Abstract:The vigorous development of the Industrial Internet of Things brings the advanced connection function of the new generation of industrial automation and control systems. The Supervisory Control and Data Acquisition (SCADA) network is converted into an open and highly interconnected network, where the equipment connections between industrial electronic devices are integrated with a SCADA system through a Modbus protocol. As SCADA and Modbus are easily used for control and monitoring, the interconnection and operational efficiency between systems are highly improved; however, such connectivity inevitably exposes the system to the open network environment. There are many network security threats and vulnerabilities in a SCADA network system. Especially in the era of the Industrial Internet of Things, any security vulnerability of an industrial system may cause serious property losses. Therefore, this paper proposes an encryption and verification mechanism based on the trusted token authentication service and Transport Layer Security (TLS) protocol to prevent attackers from physical attacks. Experimentally, this paper deployed and verified the system in an actual field of energy management system. According to the experimental results, the security defense architecture proposed in this paper can effectively improve security and is compatible with the actual field system.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yue Lu,Xiuzhen Chen,Changsong Chen

DOI: https://doi.org/10.1109/ssic.2016.7571806

2016-01-01

Abstract:With rapid development of information technology, integration of industrialization and information is becoming closer and closer. SCADA (Supervisory Control and Data Acquisition) systems have been widely used in industrial control systems for promoting social productivity efficiently. In recent years, attacks against SCADA systems have caused serious damage and economic loss. Many robust cryptographic mechanisms have been introduced in SCADA systems in order to improve their defense ability of attacks. However, industry control systems have requirements of high availability, real-time and stability. Thus, designing a lightweight cryptographic mechanism is necessary for SCADA systems to have rapid emergency-response and fault-recovery in some critical situations. This paper puts forward an approach of security authentication for SCADA systems which achieves the two-way authentication and ensures the confidentiality of communication between master and slave stations. The proposed approach employs a bivariate symmetric polynomial to obtain the session key by letting master and slave stations' identity values participate in the polynomial calculation. And further the session key is extended to meet the length requirement of AES encryption key. The extended session key is further used to encrypt communication data transmitted in SCADA systems. The proposed lightweight security authentication method is effective in mutual authentication for master and slave stations and in secure communication, and also meet some special requirements of SCADA systems, including fast response in an emergency situation, real-time data communication, and high availability.

Alexandra Tidrea,Adrian Korodi,Ioan Silea

DOI: https://doi.org/10.3390/s19194191

2019-09-27

Abstract:The increased number of cyber threats against the Supervisory Control and Data Acquisition (SCADA) and automation systems in the Industrial-Internet-of-Things (IIoT) and Industry 4.0 era has raised concerns in respect to the importance of securing critical infrastructures and manufacturing plants. The evolution towards interconnection and interoperability has expanded the vulnerabilities of these systems, especially in the context of the widely spread legacy standard protocols, by exposing the data to the outside network. After gaining access to the system data by launching a variety of attacks, an intruder can cause severe damage to the industrial process in place. Hence, this paper attempts to respond to the security issue caused by legacy structures using insecure communication protocols (e.g., Modbus TCP, DNP3, S7), presenting a different perspective focused on the capabilities of a trusted platform module (TPM). Furthermore, the intent is to assure the authenticity of the data transmitted between two entities on the same (horizontal interoperation) or different (vertical interoperation) hierarchical levels communicating through Modbus TCP protocol based on functionalities obtained by integrating trusted platform modules. From the experimental results perspective, the paper aims to show the advantages of integrating TPMs in automation/SCADA systems in terms of security. Two methods are proposed in order to assure the authenticity of the messages which are transmitted, respectively the study presents the measurements related to the increased time latency introduced due to the proposed concept.

Hui Ran Wang,Rui Fang Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.392.601

2013-01-01

Applied Mechanics and Materials

Abstract:We dissected disadvantages of the existing transmission protocols and improved its performance of dada communication security. We have proposed a security communication protocol, called as RTUSec, for remote terminal units. RTUSec adds a security layer to the existing three layer model, so that the data security is improved. After analyzing advantage and disadvantage of the present algorithms of cryptography and authentication for data communication, we have designed a security mechanism with DES and HMAC to deal with security problems like spoofing during the communication between Remote Terminal Units and controlling centers.

Liao Zhang

DOI: https://doi.org/10.48550/arXiv.1701.05323

2017-01-19

Abstract:The security of industrial network has become an increasing concern in industry infrastructure operation. Motivated by on-going collaborations with Fortinet Corp., a security company, this project implements a testbed for supervisory control and data acquisition (SCADA) network security research by software emulation. Concepts about SCADA and Modbus protocol are reviewed in the report. Besides Modbus, vulnerabilities about several other industrial protocols are also studied for this project. In this report, a typical tank system following Modbus protocol is built as a testbed. Both attack and defense toolkits are introduced to emulate the attack and protection of the Modbus network. The emulation platform is also capable of entrapping hackers and gathering their activity data.

Cryptography and Security

Lagineni Mahendra,R.K. Senthil Kumar,Reddi Hareesh,B.S. Bindhumadhava,Rajesh Kalluri

DOI: https://doi.org/10.1109/tencon54134.2021.9707347

2021-12-07

Abstract:with the continuous growing threat of cyber terrorism, the vulnerability of the industrial control systems (ICS) is the most common subject for security researchers now. Attacks on ICS systems keep increasing and their impact leads to human safety issues, equipment damage, system down, unusual output, loss of visibility and control, and various other catastrophic failures. Many of the industrial control systems are relatively insecure with chronic and pervasive vulnerabilities. Modbus-Tcpis one of the widely used communication protocols in the ICS/ Supervisory control and data acquisition (SCADA) system to transmit signals from instrumentation and control devices to the main controller of the control center. Modbus is a plain text protocol without any built-in security mechanisms, and Modbus is a standard communication protocol, widely used in critical infrastructure applications such as power systems, water, oil & gas, etc.. This paper proposes a passive security solution called Deep-security-scanner (DSS) tailored to Modbus-Tcpcommunication based Industrial control system (ICS). DSS solution detects attacks on Modbus-TcpIcs networks in a passive manner without disturbing the availability requirements of the system.

Ming Wan,Wenli Shang,Linghe Kong,Peng Zeng

DOI: https://doi.org/10.1007/s11235-016-0223-x

2017-01-01

Abstract:In smart cities, the networked control system plays a significant role in transportation systems, power stations or other critical infrastructures, and it is facing many security issues. From this point, this paper proposes a content-based deep communication control approach to guarantee its security. Based on the layer architecture, this approach analyzes the interactive content in depth according to different industrial communication protocols, and implements the access control between two distinct enclaves. For OPC Classic, we acquire the dynamic port provided by OPC server, and open a new connection belonging to this port; for Modbus/TCP, we not only analyze the ordinary function codes and addresses, but also check the register or coil values by using the multi-bit Trie-tree matching algorithm. Besides, the white-listing strategy is introduced to satisfy the special requirements of industrial communication. Our experiment results show that, on the one hand the proposed approach provides OPC and Modbus/TCP defenses in depth; on the other hand it has less than 1 ms forwarding latency and 0 packet loss rate when the rule number reaches 200, and all these meet the availability requirements in the networked control system. In particular, this approach has been successfully applied in several real-world petrochemical control systems.

H. Ge,Wen You

DOI: https://doi.org/10.1109/ICCT46805.2019.8946996

2019-10-01

Abstract:Internet of Things is a system where appliances are embedded with software, sensors and actuators. The devices are able to transfer data over a network and also communicate with each other [1]. The literature reports that many systems based on single mode of monitoring, power or lighting are not integrated into one control system, so there are complex control cumbersome, high operating costs. To solve this problem, we propose a Modbus protocol design for intelligent building security, All these perception-control-management are integrated into one system. This system adopts the Modbus protocol format for the data communication, the hardware system with processor as ARM5708 industry as the core development board development and design, Using Linux operating system, JavaWeb development and database management technology to achieve data interaction, display, storage, identification and other functions, Completed an embedded network communication protocol gateway and industrial design, and connects the traditional serial connection Modbus fieldbus and Ethernet communication, and finally the application is realized through Modbus TCP protocol. Compared with the previous building security design, we adopted Modbus bus control, which saved the resources of the core development board and effectively applied the Modbus TCP protocol and Modbus RTU protocol. The webpage control end realizes the collection of the temperature and humidity gas concentration of the intelligent building and the detection of the human body infrared. For the purpose of verification and testing, a three-story building prototype was built.

Engineering,Environmental Science,Computer Science

Xiang Gong,Ting Kou,Yan Li

DOI: https://doi.org/10.3390/sym16101282

2024-09-29

Symmetry

Abstract:The communication of Industrial Internet of Things (IIoT) devices faces important security and privacy challenges. With the rapid increase in the number of devices, it is difficult for traditional security mechanisms to balance performance and security. Although schemes based on encryption and authentication exist, there are still difficulties in achieving lightweight security. In this paper, an authentication and key exchange scheme combining hardware security features and modern encryption technology is proposed for the MQTT-SN protocol, which is not considered security. The scheme uses Physical Unclonable Functions (PUFs) to generate unpredictable responses, and combines random numbers, time stamps, and shared keys to achieve two-way authentication and secure communication between devices and broker, effectively preventing network threats such as replay and man-in-the-middle attacks. Through verification, the proposed scheme has proved effective in terms of security and robustness, has computational and communication cost advantages compared with recent schemes, and provides higher availability.

multidisciplinary sciences

LuYao Yang,WeiMing Tong,ZhongWei Li,Tong Wu

DOI: https://doi.org/10.1145/3501409.3501589

2021-01-01

Abstract:In order to solve the problem of poor security protection ability of terminal equipment in current industrial control system, combining digital signature technology based on public key infrastructure and secret sharing scheme, an authentication scheme for distributed industrial control system terminal is proposed in this paper. In the process of authentication, digital signature technology based on public key infrastructure is used to deliver secret shares. The existence of the trusted center T is no longer required. This solves the problem of key escrow, prevents illegal personnel from using the name of trusted center T to deliver fake secret shares to industrial control terminal equipment, and enhances the security and reliability of the whole control system. The analysis shows that the authentication scheme can realize the authentication function between the engineer station and PLC terminal equipment in the multi-machine cooperation scenario in the industrial control system, prevent the intrusion of external personnel, ensure that the network data will not leak, and ensure the data security to the greatest extent.

YANG Yang,HUANG Xiaoqing,CAO Yijia,ZHANG Zhidan,HE Jie

2011-01-01

Abstract:As the security specifications for IEC 61850 P2P communication protocol(real-time communication),IEC 62351-6 recommends the adoption of authentication for ensuring the safety of data transmission.To meet the requirement for the data flow and data security objectives in IEC 61850 digital substations,a method of implementing identity authentication with extended safe message through SHA-1 and DES encryption is put forward.Through the security analysis,it can meet the confidentiality,integrity and validity of the message.Further,by taking the bus fault on the unified star and the ring network in the whole D2-1 substation as an example,the OPNET network simulation and calculation are applied to the process of authentication.It is proved that the substation communication program has both good security and real-time character.

Aamir Shahzad,Malrey Lee,Neal Naixue Xiong,Gisung Jeong,Young-Keun Lee,Jae-Young Choi,Abdul Wheed Mahesar,Iftikhar Ahmad

DOI: https://doi.org/10.3390/s16030322

2016-03-03

Abstract:In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

Yuan Tao,Wei Hu,Sheng Li

DOI: https://doi.org/10.1109/icaa53760.2021.00155

2021-01-01

Abstract:Industrial control system requires high availability. In principle, security measures should not adversely affect the basic functions of high availability industrial control system. The method of building a secure and trusted PLC are proposed based on trusted computing. Under the premise of ensuring business security, the security protection system of industrial control system is built through trusted computing, and hardware solutions are provided on the security master controller. In order to prevent the attack from the industrial control system network, the encryption technology is used to ensure the confidentiality and integrity of the communication session, which are between the field of control equipment layer and the process monitoring equipment layer, so as to make the industrial control system in a stable and reliable state.

Weiting Zhang,Hanyi Zhang,Liming Fang,Zhe Liu,Chunpeng Ge

DOI: https://doi.org/10.1109/jiot.2021.3091760

IF: 10.6

2022-02-01

IEEE Internet of Things Journal

Abstract:The supervisory control and data acquisition (SCADA) system is widely used in industrial control and the contemporary Industrial Internet of Things (IIoT). Unfortunately, due to its relatively weak design in terms of data security and access control, SCADA systems are becoming a favorite target for attackers. End-to-end encryption, such as SSL/TLS protocol, is used to protect the data transmission, but it cannot guarantee security in third-party cloud platforms. In this article, we propose a secure revocable fine-grained access control and data sharing scheme. This scheme not only ensures the confidentiality of the data but also enhances the access control of the SCADA system. Our scheme is based on three key observations. The common communication architecture of SCADA systems cannot protect data security itself. The security supports provided by industrial control protocols are limited. Moreover, the third-party cloud platforms are semitrusted. In addition, we have introduced digital signature technology to assure the integrity of the data in the SCADA system. We prove that our scheme is secure. This scheme has been experimentally evaluated to introduce negligible performance losses while improving data security in the SCADA system.

computer science, information systems,telecommunications,engineering, electrical & electronic