Formal security analysis of the DNP3-Secure Authentication Protocol

This thesis evaluates the security of Supervisory Control and Data Acquisition (SCADA) systems, one of the key foundations of many critical infrastructures. Specifically, it examines one of the standardised SCADA protocols, the Distributed Network Protocol Version 3 (DNP3), and its Secure Authentication mechanism, which is intended to ensure that messages transmitted between devices are adequately protected from rogue applications. To achieve this, the thesis applies formal methods from theoretical computer science to analyse the correctness of the protocol.
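As an added illustration of the mechanism the thesis analyses (this is example code written for this page, not the thesis's model or the standard's implementation), the following is a simplified simulation of the DNP3 Secure Authentication non-aggressive challenge/response exchange between a master and an outstation. The byte layout of the challenge and reply, the session key, the critical ASDU bytes and the 16-byte truncated HMAC-SHA-256 tag are all assumptions made for illustration; they are not the IEEE 1815-2012 g120 object encodings. The three scenario functions show a legitimate exchange, an ASDU modified in transit, and a replayed reply.

```python
import hmac
import hashlib
import secrets

# Added example: a deliberately simplified model of the DNP3 Secure Authentication
# non-aggressive challenge/response. The message layout below is an assumption for
# illustration and is not the standard's g120v1/g120v2 object encoding.

MAC_LEN = 16  # assumption: HMAC-SHA-256 truncated to 16 bytes


def compute_mac(session_key: bytes, csq: int, challenge: bytes, asdu: bytes) -> bytes:
    """MAC over the challenge sequence number, challenge data and the critical ASDU."""
    msg = csq.to_bytes(4, "big") + challenge + asdu
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Outstation:
    """Outstation side: issues a challenge for each critical ASDU and verifies the reply."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.csq = 0          # challenge sequence number, incremented per challenge
        self.pending = None   # (csq, challenge_data, asdu) awaiting a reply

    def challenge(self, critical_asdu: bytes) -> bytes:
        self.csq += 1
        challenge_data = secrets.token_bytes(4)   # fresh nonce per challenge
        self.pending = (self.csq, challenge_data, critical_asdu)
        return self.csq.to_bytes(4, "big") + challenge_data

    def verify_reply(self, reply_csq: int, mac: bytes) -> bool:
        # Only the outstanding challenge is accepted, and it is single-use.
        if self.pending is None or reply_csq != self.pending[0]:
            return False
        csq, challenge_data, asdu = self.pending
        self.pending = None
        expected = compute_mac(self.session_key, csq, challenge_data, asdu)
        return hmac.compare_digest(expected, mac)


def master_reply(session_key: bytes, challenge_msg: bytes, asdu: bytes):
    """Master side: answer a challenge with a MAC over the ASDU it believes it sent."""
    csq = int.from_bytes(challenge_msg[:4], "big")
    challenge_data = challenge_msg[4:]
    return csq, compute_mac(session_key, csq, challenge_data, asdu)


KEY = b"\x01" * 32                                 # constructed shared session key
OPERATE = b"\xc0\x04\x0c\x01\x17\x01\x03\x41"      # constructed critical ASDU bytes


def run_legitimate() -> bool:
    """Master and outstation agree on the ASDU, so the reply verifies."""
    out = Outstation(KEY)
    chal = out.challenge(OPERATE)
    csq, mac = master_reply(KEY, chal, OPERATE)
    return out.verify_reply(csq, mac)


def run_tampered() -> bool:
    """An attacker alters the ASDU in transit; the master MACs the original, so it fails."""
    out = Outstation(KEY)
    tampered = OPERATE[:-1] + b"\x42"
    chal = out.challenge(tampered)                 # outstation saw the altered command
    csq, mac = master_reply(KEY, chal, OPERATE)
    return out.verify_reply(csq, mac)


def run_replay():
    """A captured valid reply is replayed against a fresh challenge; the CSQ no longer matches."""
    out = Outstation(KEY)
    chal = out.challenge(OPERATE)
    csq, mac = master_reply(KEY, chal, OPERATE)
    first_ok = out.verify_reply(csq, mac)
    out.challenge(OPERATE)                         # new challenge: new CSQ and nonce
    replay_ok = out.verify_reply(csq, mac)
    return first_ok, replay_ok
```

The point a formal analysis has to capture is exactly what these scenarios exercise: the reply is bound to the challenge nonce, the sequence number and the specific ASDU, and the challenge is consumed on first use. The real protocol carries more state (user numbers, session key updates, aggressive mode, error handling) and it is those additional paths, not the basic exchange shown here, that typically reward model checking.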
