论文信息 - Use of traffic engineering techniques to increase resilience of SCADA networks

Use of traffic engineering techniques to increase resilience of SCADA networks

In this paper we present the approach we have taken in the INSPIRE (INcreasing Security and Protection through Infrastructure REsilience) project to increase the protection of Critical Infrastructures (CIs). The core idea of the INSPIRE project is to protect Critical Infrastructures by making the underlying communication network more secure and resilient. In order to do so, we devised a routing mechanism that allows the communication infrastructure interconnecting SCADA (Supervisory Control And Data Acquisition) systems, the key building blocks of CIs, to be resilient to both node failures and attacks. The approach is to split the packets of a SCADA traffic flow on two node-disjoint paths by exploiting the capabilities of the Multi-Protocol Label Switching communication paradigm. The security of the SCADA traffic is improved since the proposed approach allows for a fast re-route of the flows traversing a node under attack, thus preserving the confidentiality of the transmitted information.

[1] A. Orda,et al. QoS routing mechanisms and OSPF extensions , 1997, GLOBECOM 97. IEEE Global Telecommunications Conference. Conference Record.

[2] Eric C. Rosen,et al. Multiprotocol Label Switching Architecture , 2001, RFC.

[3] Ram Dantu,et al. Constraint-Based LSP Setup using LDP , 2002, RFC.

[4] Ariel Orda,et al. QoS Routing Mechanisms and OSPF Extensions , 1999, RFC.

[5] Scott Shenker,et al. Integrated Services in the Internet Architecture : an Overview Status of this Memo , 1994 .

[6] Duan-Shin Lee,et al. ATM Routing Algorithms with Multiple QOS Requirements for Multimedia Internetworking (Special Issue on Multimedia on Demand) , 1996 .

[7] Vijay Srinivasan,et al. RSVP-TE: Extensions to RSVP for LSP Tunnels , 2001, RFC.

[8] David L. Black,et al. An Architecture for Differentiated Service , 1998 .

[9] Xin Yuan. Heuristic algorithms for multiconstrained quality-of-service routing , 2002, IEEE/ACM Trans. Netw..

[10] Fernando A. Kuipers,et al. An overview of constraint-based path selection algorithms for QoS routing , 2002 .