Recovery Measure against Disabling Reassembly Attack to DNP3 Communication

In the past, the security of industrial control systems rested on their obscurity. As the devices in these systems became more varied and had to interact with one another, management systems for such networks emerged, which in turn created the need for cyber-physical systems connecting industrial control system networks to external networks. The standards for industrial control system protocols specify security functions in detail, but many devices still communicate without them because existing equipment is difficult to update. A number of studies therefore aim to detect attacks on industrial control system protocols, but they examine only the data payload and do not consider the case in which the availability of an industrial control system is compromised by packet reassembly failures. With regard to the DNP3 protocol, which is widely used in industrial control systems, this paper describes attacks that cause packet reassembly failures, proposes a countermeasure, and evaluates it by carrying out the attacks and the recovery in practice. Payload-level detection should be performed only after the availability of the industrial control system has been secured by a countermeasure of this kind.

Key words: industrial control system, DNP3, reassembly, availability
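The abstract refers to reassembly failures without showing the mechanism. The following is an added example, not code from the paper and not its proposed countermeasure: it implements DNP3 transport-function reassembly as IEEE 1815 specifies it (a one-byte header with FIN in bit 7, FIR in bit 6 and a 6-bit sequence number, a new FIR segment aborting any partial fragment, and an out-of-sequence segment discarding the buffer) and then delivers a constructed three-segment fragment with one forged segment injected. The fragment contents, the forged segment and the `run_scenario` helper are all constructed for illustration.

```python
"""
DNP3 transport-function reassembly (IEEE 1815) and a constructed injection
that makes it fail. Added example, not the paper's code or its countermeasure.

Transport header (1 byte): bit 7 FIN, bit 6 FIR, bits 0-5 SEQ (0..63).
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

FIN = 0x80
FIR = 0x40
SEQ_MASK = 0x3F
# A maximum-size link frame carries 250 bytes of user data; one byte is the
# transport header, so 249 bytes of application data fit per segment.
MAX_SEGMENT_PAYLOAD = 249


def transport_header(fir: bool, fin: bool, seq: int) -> int:
    return (FIR if fir else 0) | (FIN if fin else 0) | (seq & SEQ_MASK)


def segment(fragment: bytes, start_seq: int = 0) -> List[bytes]:
    """Split one application fragment into transport segments (header + payload)."""
    chunks = [fragment[i:i + MAX_SEGMENT_PAYLOAD]
              for i in range(0, len(fragment), MAX_SEGMENT_PAYLOAD)] or [b""]
    segs = []
    for i, chunk in enumerate(chunks):
        hdr = transport_header(i == 0, i == len(chunks) - 1, (start_seq + i) % 64)
        segs.append(bytes([hdr]) + chunk)
    return segs


@dataclass
class Reassembler:
    """Receiver-side reassembly with the discard rules the transport function specifies."""
    buffer: bytearray = field(default_factory=bytearray)
    expected_seq: Optional[int] = None
    in_progress: bool = False
    failures: int = 0  # partial fragments discarded; observable without reading any payload

    def _reset(self) -> None:
        self.buffer = bytearray()
        self.expected_seq = None
        self.in_progress = False

    def receive(self, seg: bytes) -> Optional[bytes]:
        hdr = seg[0]
        fir, fin, seq = bool(hdr & FIR), bool(hdr & FIN), hdr & SEQ_MASK
        if fir:
            # A new first segment aborts whatever was being reassembled.
            if self.in_progress:
                self.failures += 1
            self.buffer = bytearray(seg[1:])
            self.in_progress = True
        else:
            if not self.in_progress or seq != self.expected_seq:
                # Orphan or out-of-sequence segment: discard the partial fragment.
                self.failures += 1
                self._reset()
                return None
            self.buffer += seg[1:]
        self.expected_seq = (seq + 1) % 64
        if fin:
            complete = bytes(self.buffer)
            self._reset()
            return complete
        return None


# Constructed 512-byte application fragment (three segments: 249 + 249 + 14 bytes).
FRAGMENT = bytes(range(256)) * 2
# Constructed forged segment: FIR set, SEQ 33, one byte of payload. Every field is
# syntactically valid, so payload-only inspection has nothing to flag.
FORGED_SEGMENT = bytes([FIR | 33, 0x00])


def run_scenario(inject: bool) -> Tuple[List[bytes], int]:
    """Deliver FRAGMENT's segments to a receiver, optionally injecting FORGED_SEGMENT
    after the first one. Returns (complete fragments delivered, reassembly failures)."""
    rx = Reassembler()
    delivered: List[bytes] = []
    segs = segment(FRAGMENT)
    wire = [segs[0]] + ([FORGED_SEGMENT] if inject else []) + segs[1:]
    for seg in wire:
        out = rx.receive(seg)
        if out is not None:
            delivered.append(out)
    return delivered, rx.failures


if __name__ == "__main__":
    honest, honest_failures = run_scenario(inject=False)
    attacked, attacked_failures = run_scenario(inject=True)
    print("honest  : fragments delivered =", len(honest), "failures =", honest_failures)
    print("injected: fragments delivered =", len(attacked), "failures =", attacked_failures)
```

In the honest run the 512-byte fragment is delivered and no failure is recorded. With the forged segment inserted, the receiver abandons the genuine partial fragment, the genuine second segment no longer matches the expected sequence number and is dropped along with the buffer, and the final segment arrives with no reassembly in progress: nothing is delivered although every segment on the wire is individually well formed. The `failures` counter illustrates why the abstract argues for checking availability before payload content: the disruption is visible in transport-layer state, not in any payload.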
