Security Challenges in Control Network Protocols: A Survey

With the ongoing adoption of remotely communicating and interacting control systems operated within critical infrastructures, the potential attack surface of such systems also increases drastically. Therefore, not only the need for standardized and manufacturer-agnostic control system communication protocols has grown, but also the requirement to protect those control systems' communication. There have already been numerous security analyses of different control system communication protocols; yet, these have not been combined with each other sufficiently, mainly for three reasons. First, the life cycles of such protocols are usually much longer than those of other Internet and communication technologies, so legacy protocols are often not considered in current security analyses. Second, the use of a given control system communication protocol is usually restricted to a particular infrastructure domain, which leads to an isolated view of it. Third, with the accelerating pace at which both control system communication protocols and the threats against them develop, existing surveys age at an increased rate, making their re-investigation a necessity. In this paper, a comprehensive survey on the security of the most important control system communication protocols, namely Modbus, OPC UA, TASE.2, DNP3, IEC 60870-5-101, IEC 60870-5-104, and IEC 61850, is performed. To achieve comparability, a common test methodology based on attacks exploiting well-known control system protocol vulnerabilities is created and applied to all protocols. In addition, the effectiveness of the related security standard IEC 62351 is analyzed by a pre- and post-IEC 62351 comparison.
