论文信息 - Securing SCADA Applications Using OpenPLC With End-To-End Encryption

Securing SCADA Applications Using OpenPLC With End-To-End Encryption

During its nascent stages, Programmable Logic Controllers (PLC) were made robust to sustain tough industrial environments, but little care was taken to raise defenses against potential cyberthreats. The recent interconnectivity of legacy PLCs and SCADA systems with corporate networks and the internet has significantly increased the threats to critical infrastructure. To counter these threats, researchers have put their efforts in finding defense mechanisms that can protect the SCADA network and the PLCs. Encryption is a critical component of security and therefore has been used by many organizations to protect data on the network. However, since PLC vendors don't make available information about their hardware or software, it becomes challenging to embed encryption into their devices, especially if they rely on legacy protocols. This paper describes an alternative design using an open source PLC that was modified to encrypt all data it sends over the network, independently of the protocol used. Experimental results indicated that the encryption layer increased the security of the link without causing a significant overhead.

Seong-Moo Yoo | Thomas Morris | Thiago Alves

[1] James H. Graham,et al. Security Considerations in SCADA Communication Protocols , 2004 .

[2] Jill Slay,et al. Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[3] Andrew K. Wright,et al. Low-Latency Cryptographic Protection for SCADA Communications , 2004, ACNS.

[4] R. Kretschmann,et al. INTERNATIONAL ELECTROTECHNICAL COMMISSION TECHNICAL COMMITTEE No. 65B: INDUSTRIAL-PROCESS MEASUREMENT AND CONTROL WORKING GROUP 7/TASK FORCE 3: PROGRAMMING LANGUAGES FOR PROGRAMMABLE CONTROLLERS (IEC 61131-3, -8) MINUTES OF MEETING , 2007 .

[5] Aamir Shahzad,et al. Secure Cryptography Testbed Implementation for SCADA Protocols Security , 2013, 2013 International Conference on Advanced Computer Science Applications and Technologies.

[6] Francesco Parisi-Presicce,et al. DNPSec: Distributed Network Protocol Version 3 (DNP3) Security Framework , 2007 .

[7] Igor Nai Fovino,et al. Design and Implementation of a Secure Modbus Protocol , 2009, Critical Infrastructure Protection.