International Management Review Vol. 3 No. 2 2007
68
Analysis of SCADA Security Models
Sandip C. Patel
Department of Information Sciences & Systems
Morgan State University, Baltimore, Maryland, USA
Yingbing Yu
Division of Natural and Mathematical Sciences
LeMoyne-Owen College, Memphis, Tennessee, USA
[Abstract] Supervisory control and data acquisition (SCADA) networks control the critical
infrastructure of many countries. The lack of security in the SCADA networks has caused an
urgency to upgrade existing systems to withstand hostile attacks. When new security models
are proposed to enhance security of SCADA systems, the models have to be tested to verify
that they provide the intended security. In this research, vulnerability and threat analyses are
presented as effective methods for testing new SCADA security models. We illustrate the use
of these methods on two security models for enhancing SCADA communication protocol.
[Keywords] SCADA; security models; DNP 3; threat evaluation; vulnerability analysis
Introduction
Supervisory control and data acquisition (SCADA) networks are used by industrial sectors
and critical infrastructure utilities to carry data on electricity, water, oil, and gas. A SCADA
system is a common process automation system that helps gather field data from sensors and
instruments, transmit and display this data at a central site, and send control messages to the
field devices. That is, SCADA networks enable receiving such data from remote field
devices and sending control messages to remote devices from a control station. The field data
is usually viewed on one or more SCADA host computers, referred to as the master terminal
units or MTUs, located at the central or master site. Real-world SCADA MTUs can monitor
and control several hundred field devices known as remote terminal units or RTUs. In
addition to infrastructure utilities, SCADA networks are also used in industrial process plants,
such as steel production, power generation (conventional and nuclear) and distribution, and
nuclear fusion. The size of such plants ranges from a few thousand to several thousand
input/output (I/O) channels. However, SCADA systems evolve rapidly and are now
penetrating the market of plants with I/O channels of up to several hundred thousand.
The reliability of operations of modern infrastructures and many critical industries depends
heavily on SCADA networks. SCADA disruptions can directly and indirectly affect many
different infrastructures, impact large geographic regions, and send ripples throughout the
national and global economy. Cyber interdependencies are a result of the pervasive
computerization and automation of infrastructures (Rinaldi et al., 2001). For example, the
disruption of the electric power infrastructure disrupts fuels (natural gas and petroleum),
which, in turn, disrupts transportation, water, banking and finance, and telecommunication.
The architecture of a SCADA system consists of one or more MTUs that are used by
engineers in a control station to monitor and control a large number of RTUs. An MTU is a
midrange computer running SCADA utility programs. RTUs are generally small dedicated
devices with some processing power, designed for rough field or industrial environment. One
or more SCADA MTUs retrieve real-time analog and status data from RTUs, store, and
analyze these data. MTUs automatically send control commands to the RTUs or enable the
engineers to do so manually. The modern SCADA control systems lack security and are very
vulnerable to cyber attacks (Byres, Hoffman, and Kube, 2006).
Modern SCADA networks, integrated with corporate networks and the Internet, have become
far more vulnerable to unauthorized cyber attacks. By sending a false control message, an
unauthorized intruder can, for example, manipulate traffic signals, electric-power switching
stations, chemical process-control systems, or sewage-water valves, creating major damage to
public safety and health. Risk management is a decision-making process and a phase in the
life cycle of information security management (Conklin et al., 2004). It is an iterative process
to manage risk, identify the threats, and determine what could happen to an organization if the
threats were to happen, and then analyze what can be done to control the impact. As a result
of risk management process, one or more security models are proposed. These models need to
be evaluated for their correct functionality. In the proposed research, we take the two security
models presented in Patel, S. C., and Graham, J. H., 2005.
Security Models of SCADA
The transmission of data and control commands between an MTU and an RTU, referred to as
SCADA communications, is carried over a variety of media, including Ethernet, corporate
frame relay, fiber channel, CDPD cellular systems, microwave signals, direct satellite
broadcast, and many licensed or unlicensed radio systems, as shown in Figure 1. The most
common protocols used for the communication are IEC (International Electrotechnical
Commission) 60870-5-101, Distributed Network Protocol or DNP3 (DNP3 Web), and
Modbus. The IEC and DNP3 protocols provide more functionality than Modbus and are used
for higher data volumes. IEC protocols dominate the market in Europe, whereas DNP is a
major market player in North America (Makhija and Subramanyan, 2003). DNP3 protocols
are also widely used in Australia and China.
Two DNP3 security models, based on initial work by the DNP3 User Group, were proposed in
(Hieb, J.L., Graham, J.H., and Patel, S.C., 2007; Patel, S. C., and Graham, J. H., 2005; Patel,
S. C., 2006; Graham, J. H., Mostafa S., et al., 2007). They are described in the next two
subsections, and the analyses are presented in sections 3 and 4.
Model 1: Authentication via Digital Signatures
In this model, the digital signatures are used with cryptographic checksums (secure hash).
The sender of the message (typically an MTU) calculates a hash digest on an input stream that
consists of the timestamp added to a part of the message that is intended to be sent. A hash
digest is a unique number for a supplied input stream. The sender encrypts this digest using its
private key and then sends the message with the encrypted digest. The receiver of the message
(typically an RTU) decrypts the hash digest using the sender’s public key so that the receiver
can retrieve the hash digest. If the receiver can successfully decrypt the message, the
authenticity of the sender is proven. The receiver also calculates the hash digest on the input
stream consisting of the part of the message it received and the timestamp. The receiver
compares this digest with the one that it received with the message. If the digest values match,
the receiver concludes that the message contents have not been altered by an intruder.
This security model was designed to protect against the threats of replay, spoofing, and
modification attacks. Since the message travels in plaintext, this model does not protect the
message from eavesdropping. However, the eavesdropper does not pick up any valuable or
secret information. For SCADA networks, this threat is not a concern since the values sent by
MTU could be a control value such as new valve position or water-tank level.
Figure 1. SCADA Architectural Components
Model 2: Authentication via Challenge Response
This model is designed to verify the identity of two communicating devices (MTU or RTU).
Any of the communicating devices could verify the other device. Typically, an RTU would
verify an MTU when the RTU receives a request to establish a connection, or at random time
intervals after the connection has been established, or when it receives an atypical control
value from an MTU. An MTU would typically verify an RTU when the MTU receives an
atypical field value or at random time intervals. This model is designed to protect against the
man-in-the-middle attack.
In this model, the participating MTU and the RTU share a secret value, typically a few bytes
long. When a device wants to verify whether the other device is authentic, it sends a random
and unpredictable number as a challenge. The responding device adds the pre-shared secret
bytes to the challenge, calculates the hash digest, and sends the digest as a response. The
challenging device knows what the digest value should be, since it has both the challenge and
the secret, which are necessary to calculate the right value. Thus, the challenging device can
verify if the response is correct.
Threat Evaluation of SCADA
Misuse IDSs (knowledge-based or signature-based) look for specific patterns that define a
known attack. The information about known attacks and vulnerabilities of the system is
encoded into a “signature.” Any actions on the system that trigger the match are reported as
“attempts” of intrusion. Signatures are patterns related to known attacks or misuse symptoms
and are useful in the specification of the features, conditions, arrangements, and
interrelationships among events that lead to an intrusion. They may be simple, as in the case of
character string matching looking for a single term or command, or complex, as in the case of
state transitions written in a formal mathematical expression. Most virus detection programs are
examples of misuse detection. Another widely used method is to analyze user keystroke
patterns, monitoring for matches with specific keystroke sequences entered by a user that
indicate an attack. Typing biometrics is the analysis of a user's keystroke patterns. Each user
has a unique way of using the keyboard to enter a password.
Threat analysis can show that a proposed model has a potential to guard against the attacks,
which are threats to SCADA. Specifically, the analysis verifies if the intended attacks can be
prevented by a model. We performed the threat analysis by taking each threat and analyzing
how it would be prevented by the cryptographic components of the proposed models.
The following threat analysis scrutinizes the model to verify that it works as intended
(provides desired protection from attacks). Analyses of various threats showed that the
proposed models had a potential to guard against the attacks that are threats to SCADA.
Threat analysis is a comprehensive model-analysis that considers both the models together.
The modification and spoofing attack analyses described below refer to protection provided
by digital signature authentication. The man-in-the-middle attack and non-repudiation
analyses below refer to protection from challenge response authentication. The replay attack
analysis refers to both of the authentication methods (first, digital signature and then
challenge-response authentication). The specific threat analyses are as follows:
• Modification attack: An intruder may try to intercept a message, such as a status request by an
MTU, and modify it with another message, such as a control message asking to switch on a
circuit breaker. The intruder will not succeed in doing so because the hash digest, which is
attached with the message, contains a part of the message. So, when the intruder changes the
message, the old hash value will no longer be valid. If the intruder calculates a new hash value,
he/she cannot sign (encrypt) the message, since signing requires sender’s private key, which
the intruder does not have.
• Spoofing: An intruder may try to impersonate an MTU, sending a control message to
an RTU. However, the intruder cannot succeed, since he/she cannot sign the message
with a valid private key. When the receiving RTU tries to decrypt the message using
MTU’s public key, it won’t be able to do so and will discard the message.
• Man-in-the-middle attack: The challenging party sends a challenge that is unique and
random each time. So, the intruder cannot reuse an old hash value (that he/she might
have received as the man-in-the-middle) to pretend to be an authenticated party. If there is
an authenticated party trying to launch the man-in-the-middle attack, the challenge-
response authentication will eliminate such attacks at the beginning of the session,
since this authentication is performed while connections are established. Also, since
the authentication is performed at random intervals, it will eradicate those attacks
that succeeded past the challenge-response authentication at the beginning of the
session. In any case, all control messages are guarded with challenge-response
authentication as an additional safeguard.
• Non-repudiation: A digital signature provides the service of non-repudiation. If the
sender (MTU) claims that it never sent the message, it could be pointed out that it
signed the message with its private key. Unless the private key is stolen, nobody else
but the MTU would know this key. However, this service may not be of much
importance to SCADA considering that the purpose of its communications is between
an RTU and an MTU and not for the commercial uses.
• Replay attack: An intruder may try to intercept a message or a command and try to
replay it back later. However, the receiver will probably reject the message because
the message will have an incorrect nonce (a parameter that varies with time) or an incorrect
timestamp. The intruder cannot get or change the nonce value since the hash digest is
encrypted. Generally, replay without modification does not pose big security threats to
SCADA communications. Replay of SCADA control command is additionally
guarded with challenge-response authentication.
• Eavesdropping: An intruder may tap a communication channel or intercept a message
to listen to the communication between an RTU and an MTU. This threat is not an
issue with SCADA because the intruder picks up data at the protocol level but does not
get any valuable information that he/she can use to launch an attack or steal as
valuable commercial information. The intruder cannot get the hash digest value in the
digital signature model because it is transmitted in an encrypted form. The intruder
cannot get the shared secret in the challenge response authentication because it is
never transmitted over the line.
Vulnerability Analysis of SCADA
The goal of anomaly intrusion detection is to detect new or unknown attacks against a
computer system, which can be done in a number of ways, such as monitoring network
activities or monitoring user- or system-level behavior. The most significant advantage of
anomaly detection is the ability to detect novel attacks against software, variants of known
attacks, and deviations from normal usage of programs, regardless of whether the source is a
privileged internal user or an unauthorized external user. For example, by establishing
“profiles” of typical user activities (such as login time, number of failed logins, CPU usage,
etc.), an IDS can monitor current user activities and compare them with established profiles.
Whenever a large deviation beyond a predefined threshold is detected, it is reported as a
possible intrusion.
The vulnerability analysis answers questions as to why and how the model will work. Various
threats are identified. Each threat is then analyzed by constructing various scenarios revealing
what an intruder can do. Scenarios include various attacks that an intruder can launch with
information, such as
• Types of attacks an intruder can launch (for example, brute-force attack and bypass
attack).
• The steps necessary to launch an attack.
• What types of information the intruder can originally have.
• What type of information the intruder can gather to improve his/her subsequent attacks.
• Attacks that can be launched combining two or more attacks and information gathered
by an intruder from each attack.
• Prioritizing SCADA risks. That is, what would be the consequences of an attack
(what an intruder can achieve) and what would the result of such an attack mean
in terms of SCADA security risks.
Vulnerability analyses performed on security models can be used later, once code is written
and more implementation information is available. For example, the information, such as
maximum, minimum, and average number of tries it would take an intruder to successfully
attack (break) the system, can be obtained from the type of the encryption algorithm used.
Based upon such information, the plausibility of each of the attacks can be considered. If one
or more attacks are estimated to be likely or possible with improvement in technology over
time, the vulnerability analysis would indicate that the model must be revised. The following
sections demonstrate the use of vulnerability analysis on the two security models by
examining what an intruder can and cannot do. The analysis described below answers
questions as to why and how a model will work.
Vulnerability Analysis of Model 1: Digital Signature
To calculate a hash value, data such as DNP3 application layer header, output object header
and data, timestamp, nonce, hash method (e.g., SHA-1), and length fields of the message
fragment were used (Hieb, J.L., Graham, J.H., and Patel, S.C., 2007; Patel, S. C., and Graham,
J. H., 2005; Patel, S. C., 2006.; Graham, J.H., Mostafa S., et al., 2007). This hash value is
encrypted with an MTU’s private key. When an RTU receives the message, it uses the MTU’s
public key to decrypt it. When the RTU decrypts the message successfully, it can conclude
that the message came from an authentic MTU, since the MTU must have “signed”
(encrypted) the message with its private key that only the MTU has. This would provide an
RTU with the assurance that the message came from an authenticated MTU. Notice that in
this model, it was chosen not to encrypt the message itself because encryption takes much
processing time. Therefore, the receiver must verify that the contents of the message were not
altered by an intruder who could be in the middle. The integrity of the contents of a message
is verified by matching the hash digest that came with the message to the one independently
calculated by the RTU. It is possible for an intruder to read the message, since it is not
encrypted. It is also possible for the intruder to decrypt the hash, since he/she can get the
public key that is required to decrypt it. The intruder can also try to calculate a new hash
value.
However, the intruder cannot do much with all this information, since he/she does not have
the private key, which is required to properly encrypt the new hash digest that is needed if
he/she tried to change the message. If the intruder sends the message encrypted without the
MTU’s private key, then, upon receiving the message, when the RTU tries to decrypt it using
the MTU’s public key, it won’t be able to do so because the MTU’s public key works only on
the messages encrypted with the MTU’s private key. Consequently, the RTU will find that the
message was sent from an unauthentic source. An additional security guard is a time stamp
that would verify that the time of reception does not vary from the time of transmission by a
given amount, giving the intruder as little time as possible even if he/she succeeds in faking
the rest of the values.
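The signing and verification flow of Model 1, as described in the model summary and in the analysis above, written out as an added Python example that is not code from the paper. The toy RSA key (unpadded, built from known Mersenne primes), the field layout, the 5-second window and the nonce cache are assumptions, and the fragment is a constructed stand-in for a DNP3 application-layer fragment.

```python
import hashlib
import secrets
import struct

# Toy key material (assumption, illustration only): unpadded "textbook" RSA over
# products of known Mersenne primes. A deployment would use a vetted library.
E = 65537

def toy_keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

MTU_PUBLIC, MTU_PRIVATE = toy_keypair(2**127 - 1, 2**107 - 1)
INTRUDER_PUBLIC, INTRUDER_PRIVATE = toy_keypair(2**89 - 1, 2**61 - 1)

def digest(fragment, timestamp, nonce, modulus):
    """Hash the method name, timestamp, nonce and fragment, each length-prefixed."""
    h = hashlib.sha256()
    for field in (b"SHA-256", struct.pack(">d", timestamp), nonce, fragment):
        h.update(struct.pack(">H", len(field)) + field)
    return int.from_bytes(h.digest(), "big") % modulus

def sign(fragment, private_key, now):
    """Sender side: the message stays in plaintext, only the digest is signed."""
    n, d = private_key
    nonce = secrets.token_bytes(8)
    signature = pow(digest(fragment, now, nonce, n), d, n)
    return {"fragment": fragment, "timestamp": now, "nonce": nonce,
            "signature": signature}

class Rtu:
    """Receiver side: holds only the MTU public key."""

    def __init__(self, mtu_public, max_skew=5.0):
        self.n, self.e = mtu_public
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def verify(self, msg, now):
        # 1. Time window: limits how long a captured message stays usable.
        if abs(now - msg["timestamp"]) > self.max_skew:
            return "reject: stale timestamp"
        # 2. Recover the signed digest with the public key and compare it with
        #    the digest computed locally over the received fields.
        recovered = pow(msg["signature"], self.e, self.n)
        expected = digest(msg["fragment"], msg["timestamp"], msg["nonce"], self.n)
        if recovered != expected:
            return "reject: bad signature"
        # 3. Nonce cache: a genuine message is accepted once inside the window.
        if msg["nonce"] in self.seen:
            return "reject: replayed nonce"
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        self.seen[msg["nonce"]] = msg["timestamp"]
        return "accept"

def run_scenarios():
    """Run the threats from the analysis against one RTU (constructed inputs)."""
    frag = b"constructed fragment: OPERATE breaker 7 CLOSE"
    rtu = Rtu(MTU_PUBLIC)
    msg = sign(frag, MTU_PRIVATE, now=1000.0)
    tampered = dict(msg, fragment=b"constructed fragment: OPERATE breaker 7 TRIP")
    forged = sign(frag, INTRUDER_PRIVATE, now=1000.0)
    return {
        "genuine": rtu.verify(msg, now=1001.0),
        "replay_in_window": rtu.verify(msg, now=1002.0),
        "replay_later": rtu.verify(msg, now=1060.0),
        "modified": rtu.verify(tampered, now=1001.0),
        "spoofed": rtu.verify(forged, now=1001.0),
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:17} {verdict}")
```

The timestamp window alone does not stop a replay that arrives within the allowed skew; the nonce cache is what rejects it in the `replay_in_window` case.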
Vulnerability Analysis of Model 2: Challenge-Response Model
This authentication method depends upon a "secret" known only to the authenticator and that
peer. Although the challenge is random (but unique and unpredictable), the response depends
upon the challenge and a secret key added to the stream passed for hashing. The response
value is the one-way hash calculated over a stream of octets consisting of an identifier (a field
that changes every time), followed by the "secret," followed by the challenge value. The
length of the response value depends upon the hash algorithm used (e.g., 16 octets for MD5).
The secret is not sent over the link. Even if the intruder tries to pretend to be a challenger or a
responder, he/she will not have the secret needed to calculate a correct hash value. Since the
challenge is unique (different every time), the intruder cannot use an old hash value that
he/she might have intercepted by eavesdropping.
Challenge-response provides protection against replay attack by the peer. That is, an attack
from another RTU using data from challenge-response between an RTU and an MTU is
prevented through the use of an incrementally changing identifier and a variable challenge
value. Since the authenticator is in control of the frequency and timing of the challenges, it
can use repeated challenges for enhanced security, since such challenges can limit the time an
intruder has for an attack.
This model can work successfully with only one set of secrets. In other words, it is not
necessary to have a set of secrets for a challenger and another set of secrets for the responder.
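The challenge-response exchange of Model 2 as an added Python example (not code from the paper). SHA-256 stands in for the hash, and the class names, the 16-byte challenge, the one-octet identifier and the 2-second timeout are assumptions.

```python
import hashlib
import hmac
import secrets

def response_for(identifier, secret, challenge):
    """One-way hash over identifier || secret || challenge, the order the text gives.
    With SHA-256 the response is 32 octets (it would be 16 with MD5)."""
    return hashlib.sha256(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Challenging side: an RTU verifying an MTU, or the reverse."""

    def __init__(self, secret, timeout=2.0):
        self.secret = secret
        self.timeout = timeout
        self.next_id = 0
        self.pending = {}  # identifier -> (challenge, time issued)

    def challenge(self, now):
        """Issue a fresh random challenge under an incrementing identifier."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = secrets.token_bytes(16)
        self.pending[ident] = (chal, now)
        return ident, chal

    def verify(self, ident, response, now):
        # Each challenge is single use: it is removed whether or not it verifies.
        entry = self.pending.pop(ident, None)
        if entry is None:
            return "reject: no outstanding challenge"
        chal, issued = entry
        if now - issued > self.timeout:
            return "reject: challenge expired"
        expected = response_for(ident, self.secret, chal)
        # Constant-time comparison so timing does not leak matching prefixes.
        if not hmac.compare_digest(expected, response):
            return "reject: wrong response"
        return "accept"

class Responder:
    """Responding side: holds the same pre-shared secret, never transmits it."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, ident, chal):
        return response_for(ident, self.secret, chal)

def run_exchange():
    """Walk through the cases from the analysis with a constructed secret."""
    secret = b"constructed-shared-secret"
    rtu, mtu = Authenticator(secret), Responder(secret)
    results = {}

    ident, chal = rtu.challenge(now=0.0)
    old_response = mtu.respond(ident, chal)
    results["genuine"] = rtu.verify(ident, old_response, now=0.1)

    # An eavesdropper replays the captured response against a later challenge.
    ident2, _ = rtu.challenge(now=1.0)
    results["replayed_old_response"] = rtu.verify(ident2, old_response, now=1.1)
    # ...or against the original identifier, whose challenge is already consumed.
    results["reused_identifier"] = rtu.verify(ident, old_response, now=1.2)

    # A peer without the secret answers a fresh challenge.
    ident3, chal3 = rtu.challenge(now=2.0)
    guess = Responder(b"wrong-secret").respond(ident3, chal3)
    results["wrong_secret"] = rtu.verify(ident3, guess, now=2.1)

    # A correct response that arrives after the timeout.
    ident4, chal4 = rtu.challenge(now=10.0)
    results["late"] = rtu.verify(ident4, mtu.respond(ident4, chal4), now=13.0)
    return results

if __name__ == "__main__":
    for name, verdict in run_exchange().items():
        print(f"{name:22} {verdict}")
```

One shared secret serves both directions here: the MTU can hold its own `Authenticator` built from the same bytes to challenge the RTU.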
The vulnerability analysis successfully scrutinized both the models to verify that they worked
as intended. That is, the analysis proved that the models provided the desired protection from
attacks.
Security Experimental Test-bed
The test-bed (Figure 2) consists of one MTU that communicates with seven RTUs. Four RTUs
are locally installed at the Intelligent Systems Research Lab at the University of Louisville
and connected to the MTU with an Ethernet LAN infrastructure. The test-bed also has a WAN
connection to an RTU located at Western Kentucky University. There are two actual SCADA
systems in the Chemical Engineering Department at the University of Louisville to which the
test bed is also connected. The Process Control Lab contains a simple level control system
and the Unit Operations Lab contains a large binary distillation column.
Both systems use a PC and GE Fanuc iFIX™ SCADA / HMI software for process monitoring
and control. RTUs are running a DNP 3 communication driver to communicate and exchange
data with the MTU. Also, for each RTU, a Snort intrusion detection sensor is installed to
monitor the traffic going in and out of the RTU. The remote RTU is connected to the
SCADA system using the Internet. Attacks were simulated using two methods. The wireless
access points installed in the University of Louisville give the user direct access to the
University Ethernet infrastructure. The other method was to attack the system externally
using the Internet.
Figure 2. Experimental SCADA Test-bed
Conclusion
This paper has discussed various aspects of the security of SCADA communication protocols.
Two security models have been verified for correctness by threat and vulnerability analyses.
Threat analyses considered various attacks such as replay and spoofing and explicated how
the proposed models guarded against these attacks. Vulnerability analyses examined intrusion
tactics such as brute-force and bypass attacks, and explained how the
security models prevented an intruder from deploying the attacks successfully. The analyses
indicated that the use of these security models in SCADA communications can significantly
reduce the vulnerability of these critical systems to malicious cyber attacks, potentially
avoiding the serious consequences of such attacks.
References
Byres, E.J., Hoffman, D., & Kube, N. (2006). On Shaky Ground – A Study of Security
Vulnerabilities in Control Protocols. Proceedings of the 5th American Nuclear Society
International Topical Meeting on Nuclear Plant Implementation, Controls, and
Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM,
November, 2006.
Conklin, W. M. A., White, G.B., Cothren, C., Williams, D., & Davis, R.L. (2004). Principles of
Computer Security: Security and Beyond. McGraw Hill Technology Education,
Boston, Massachusetts.
DNP3 Web home-page, http://www.dnp.org/
Graham, J. H., Mostafa S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., & Patel, S. (2007).
Improvements in SCADA and DCS systems security. Proceedings of International
Conference on Computers and Their Applications, Honolulu, Hawaii, March 28-30,
pp.194-200.
Graham, J. H., & Patel, S.C. (2005). Correctness Proofs for SCADA Communication
Protocols. Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics
and Informatics, Orlando, FL, July 10-13, pp.392-397.
Hieb, J.L., Graham, J.H., & Patel, S.C. (2007). Cyber Security Enhancements for SCADA and
DCS Systems. Critical Infrastructure Protection: Issues and Solutions, Springer.
Makhija, J., & Subramanyan, L.R. (2003). Comparison of protocols used in remote
monitoring: DNP 3.0, IEC 870-5-101 & Modbus. M. Tech Report, Indian Institute of
Technology, Bombay, India.
Patel, S. C. (2006). Secure Internet-Based Communication Protocol for SCADA Networks,
Doctoral Dissertation, University of Louisville, Louisville, Kentucky, USA.
Rinaldi, S.M., Peerenboom, J.P., & Kelly, T.K. (2001). Identifying, Understanding, and
Analyzing Critical Infrastructure Interdependencies. IEEE Control Systems, Vol. 21,
No. 6, pp.11-25.

Survey of network anomaly detection using markov chain
 

Similar to 07 analysis of scada security models

Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesjournalBEEI
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1nicfs
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375IJERA Editor
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375IJERA Editor
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733SIVA SASTHRI
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDSiva Sasthri
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques IJERA Editor
 
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONSTATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONIJNSA Journal
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial Systemiosrjce
 
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...IJNSA Journal
 
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...lvskumar1
 
The efficacy and challenges of scada and smart grid integration
The efficacy and challenges of scada and smart grid integrationThe efficacy and challenges of scada and smart grid integration
The efficacy and challenges of scada and smart grid integrationFaizal Faizi
 
on false data-injection attacks against power system state estimation modelin...
on false data-injection attacks against power system state estimation modelin...on false data-injection attacks against power system state estimation modelin...
on false data-injection attacks against power system state estimation modelin...swathi78
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
 

Similar to 07 analysis of scada security models (20)

Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
 
3778975074 january march 2015 1
3778975074 january march 2015 13778975074 january march 2015 1
3778975074 january march 2015 1
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375
 
Hp2513711375
Hp2513711375Hp2513711375
Hp2513711375
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRID
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
 
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
 
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONSTATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial System
 
F017223742
F017223742F017223742
F017223742
 
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...
A DEFENSIVE MECHANISM CROSS LAYER ARCHITECTURE FOR MANETS TO IDENTIFY AND COR...
 
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...
A_Novel_Standalone_Implementation_of_MDNN_Controller_for_DC-DC_Converter_Resi...
 
The efficacy and challenges of scada and smart grid integration
The efficacy and challenges of scada and smart grid integrationThe efficacy and challenges of scada and smart grid integration
The efficacy and challenges of scada and smart grid integration
 
on false data-injection attacks against power system state estimation modelin...
on false data-injection attacks against power system state estimation modelin...on false data-injection attacks against power system state estimation modelin...
on false data-injection attacks against power system state estimation modelin...
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart grids
 
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...
 

Recently uploaded

IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEslot gacor bisa pakai pulsa
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 

Recently uploaded (20)

IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

07 analysis of scada security models

In addition to infrastructure utilities, SCADA networks are also used in industrial process plants, such as steel production, power generation (conventional and nuclear) and distribution, and nuclear fusion. The size of such plants ranges from a few thousand to several thousand input/output (I/O) channels. However, SCADA systems evolve rapidly and are now penetrating the market of plants with I/O channels of up to several hundred thousand.

The reliability of operations of modern infrastructures and many critical industries depends heavily on SCADA networks. SCADA disruptions can directly and indirectly affect many different infrastructures, impact large geographic regions, and send ripples throughout the national and global economy. Cyber interdependencies are a result of the pervasive computerization and automation of infrastructures (Rinaldi et al., 2001). For example, the disruption of the electric power infrastructure disrupts fuels (natural gas and petroleum), which, in turn, disrupts transportation, water, banking and finance, and telecommunication.
The architecture of a SCADA system consists of one or more MTUs that are used by engineers in a control station to monitor and control a large number of RTUs. An MTU is a midrange computer running SCADA utility programs. RTUs are generally small dedicated devices with some processing power, designed for rough field or industrial environments. One or more SCADA MTUs retrieve real-time analog and status data from RTUs, then store and analyze these data. MTUs automatically send control commands to the RTUs or enable the engineers to do so manually.

Modern SCADA control systems lack security and are very vulnerable to cyber attacks (Byres, Hoffman, and Kube, 2006). Modern SCADA networks, integrated with corporate networks and the Internet, have become far more vulnerable to unauthorized cyber attacks. By sending a false control message, an unauthorized intruder can, for example, manipulate traffic signals, electric-power switching stations, chemical process-control systems, or sewage-water valves, creating major damage to public safety and health.

Risk management is a decision-making process and a phase in the life cycle of information security management (Conklin et al., 2004). It is an iterative process to manage risk, identify the threats, determine what could happen to an organization if the threats were to happen, and then analyze what can be done to control the impact. As a result of the risk management process, one or more security models are proposed. These models need to be evaluated for their correct functionality. In the proposed research, we take the two security models presented in Patel, S. C., and Graham, J. H., 2005.
Security Models of SCADA

The transmission of data and control commands between an MTU and an RTU, referred to as SCADA communications, is carried over a variety of media, including Ethernet, corporate frame relay, fiber channel, CDPD cellular systems, microwave signals, direct satellite broadcast, and many licensed or unlicensed radio systems, as shown in Figure 1. The most common protocols used for the communication are IEC (International Electrotechnical Commission) 60870-5-101, Distributed Network Protocol or DNP3 (DNP3 Web), and Modbus. The IEC and DNP3 protocols provide more functionality than Modbus and are used for higher data volumes. IEC protocols dominate the market in Europe, whereas DNP is a major market player in North America (Makhija and Subramanyan, 2003). DNP3 protocols are also widely used in Australia and China.

Two DNP3 security models, based on initial work by the DNP3 User Group, were proposed in (Hieb, J.L., Graham, J.H., and Patel, S.C., 2007; Patel, S. C., and Graham, J. H., 2005; Patel, S. C., 2006; Graham, J. H., Mostafa S., et al., 2007). They are described in the next two subsections, and the analyses are presented in sections 3 and 4.

Model 1: Authentication via Digital Signatures

In this model, digital signatures are used with cryptographic checksums (secure hash). The sender of the message (typically an MTU) calculates a hash digest on an input stream that consists of the timestamp added to a part of the message that is intended to be sent. A hash digest is a unique number for a supplied input stream. The sender encrypts this digest using its private key and then sends the message with the encrypted digest. The receiver of the message (typically an RTU) decrypts the hash digest using the sender’s public key so that the receiver
can retrieve the hash digest. If the receiver can successfully decrypt the message, the authenticity of the sender is proven. The receiver also calculates the hash digest on the input stream consisting of the part of the message it received and the timestamp. The receiver compares this digest with the one that it received with the message. If the digest values match, the receiver concludes that the message contents have not been altered by an intruder.

This security model was designed to protect against the threats of replay, spoofing, and modification attacks. Since the message travels in plaintext, this model does not protect the message from eavesdropping. However, the eavesdropper does not pick up any valuable or secret information. For SCADA networks, this threat is not a concern since the values sent by an MTU could be a control value such as a new valve position or water-tank level.

Figure 1. SCADA Architectural Components

Model 2: Authentication via Challenge Response

This model is designed to verify the identity of two communicating devices (MTU or RTU). Either of the communicating devices could verify the other device. Typically, an RTU would verify an MTU when the RTU receives a request to establish a connection, or at random time intervals after the connection has been established, or when it receives an atypical control value from an MTU. An MTU would typically verify an RTU when the MTU receives an atypical field value or at random time intervals. This model is designed to protect against the man-in-the-middle attack.
In this model, the participating MTU and the RTU share a secret value, typically a few bytes long. When a device wants to verify whether the other device is authentic, it sends a random and unpredictable number as a challenge. The responding device adds the pre-shared secret bytes to the challenge, calculates the hash digest, and sends the digest as a response. The challenging device knows what the digest value should be, since it has both the challenge and the secret, which are necessary to calculate the right value. Thus, the challenging device can verify if the response is correct.

Threat Evaluation of SCADA

Misuse IDSs (knowledge-based or signature-based) look for specific patterns that define a known attack. The information about known attacks and vulnerabilities of the system is encoded into a “signature.” Any actions on the system that trigger a match are reported as “attempts” of intrusion. Signatures are patterns related to known attacks or misuse symptoms and are useful in the specification of the features, conditions, arrangements, and interrelationships among events that lead to an intrusion. They may be simple, as in character string matching that looks for a single term or command, or complex, as in state transitions written as a formal mathematical expression. Most virus detection programs are examples of misuse detection. Another widely used method is to analyze user keystroke patterns, monitoring for matches with specific keystroke sequences that indicate an attack entered by a user. Typing biometrics is the analysis of a user's keystroke patterns. Each user has a unique way of using the keyboard to enter a password.

Threat analysis can show that a proposed model has the potential to guard against the attacks that are threats to SCADA. Specifically, the analysis verifies whether the intended attacks can be prevented by a model.
We performed the threat analysis by taking each threat and analyzing how it would be prevented by the cryptographic components of the proposed models. The following threat analysis scrutinizes the model to verify that it works as intended (provides the desired protection from attacks). Analyses of various threats showed that the proposed models had the potential to guard against the attacks that are threats to SCADA.

Threat analysis is a comprehensive model analysis that considers both models together. The modification and spoofing attack analyses described below refer to protection provided by digital signature authentication. The man-in-the-middle attack and non-repudiation analyses below refer to protection from challenge-response authentication. The replay attack analysis refers to both of the authentication methods (first digital signature and then challenge-response authentication). The specific threat analyses are as follows:

• Modification attack: An intruder may try to intercept a message, such as a status request by an MTU, and replace it with another message, such as a control message asking to switch on a circuit breaker. The intruder will not succeed in doing so because the hash digest, which is attached to the message, contains a part of the message. So, when the intruder changes the message, the old hash value will no longer be valid. If the intruder calculates a new hash value, he/she cannot sign (encrypt) the message, since signing requires the sender’s private key, which the intruder does not have.
• Spoofing: An intruder may try to impersonate an MTU, sending a control message to an RTU. However, the intruder cannot succeed, since he/she cannot sign the message with a valid private key. When the receiving RTU tries to decrypt the message using the MTU’s public key, it won’t be able to do so and will discard the message.
• Man-in-the-middle attack: The challenging party sends a challenge that is unique and random each time. So, the intruder cannot reuse an old hash value (that he/she might have received as the man-in-the-middle) to pretend to be an authenticated party. If there is an authenticated party trying to launch the man-in-the-middle attack, the challenge-response authentication will eliminate such attacks at the beginning of the session, since this authentication is performed while connections are established. Also, since the authentication is also performed at random intervals, it will eradicate those attacks that succeeded past the challenge-response authentication at the beginning of the session. In any case, all control messages are guarded with challenge-response authentication as an additional safeguard.
• Non-repudiation: A digital signature provides the service of non-repudiation. If the sender (MTU) claims that it never sent the message, it could be pointed out that it signed the message with its private key. Unless the private key is stolen, nobody else but the MTU would know this key. However, this service may not be of much importance to SCADA considering that its communications are between an RTU and an MTU and not for commercial uses.
• Replay attack: An intruder may try to intercept a message or a command and try to replay it later. However, the receiver will probably reject the message because the message will have an incorrect nonce (a parameter that varies with time) or an incorrect timestamp.
  The intruder cannot get or change the nonce value since the hash digest is encrypted. Generally, replay without modification does not pose big security threats to SCADA communications. Replay of a SCADA control command is additionally guarded with challenge-response authentication.
• Eavesdropping: An intruder may tap a communication channel or intercept a message to listen to the communication between an RTU and an MTU. This threat is not an issue with SCADA because the intruder picks up data at the protocol level but does not get any valuable information that he/she can use to launch an attack or steal as valuable commercial information. The intruder cannot get the hash digest value in the digital signature model because it is transmitted in an encrypted form. The intruder cannot get the shared secret in the challenge-response authentication because it is never transmitted over the line.

Vulnerability Analysis of SCADA

The goal of anomaly intrusion detection is to detect new or unknown attacks against a computer system, which can be done in a number of ways, such as monitoring network activities or monitoring user- or system-level behavior. The most significant advantage of anomaly detection is the ability to detect novel attacks against software, variants of known
attacks, and deviations from normal usage of programs, regardless of whether the source is a privileged internal user or an unauthorized external user. For example, by establishing “profiles” of typical user activities (such as login time, number of failed logins, CPU usage, etc.), an IDS can monitor current user activities and compare them with the established profiles. Whenever a large deviation beyond a predefined threshold is detected, it is reported as a possible intrusion.

The vulnerability analysis answers questions as to why and how the model will work. Various threats are identified. Each threat is then analyzed by constructing various scenarios revealing what an intruder can do. Scenarios include various attacks that an intruder can launch with information, such as

• Types of attacks an intruder can launch (for example, brute-force attack and bypass attack).
• The steps necessary to launch an attack.
• What types of information the intruder can originally have.
• What type of information the intruder can gather to improve his/her subsequent attacks.
• Attacks that can be launched combining two or more attacks and information gathered by an intruder from each attack.
• Prioritizing SCADA risks. That is, what would be the consequences of an attack (what an intruder can achieve) and what it would mean to SCADA security risks in terms of the result of such an attack.

Vulnerability analyses performed on security models can be used later, once code is written and more implementation information is available. For example, information such as the maximum, minimum, and average number of tries it would take an intruder to successfully attack (break) the system can be obtained from the type of the encryption algorithm used. Based upon such information, the plausibility of each of the attacks can be considered.
If one or more attacks are estimated to be likely or possible with improvement in technology over time, the vulnerability analysis would indicate that the model must be revised.

The following sections demonstrate the use of vulnerability analysis on the two security models by examining what an intruder can and cannot do. The analysis described below answers questions as to why and how a model will work.

Vulnerability Analysis of Model 1: Digital Signature

To calculate a hash value, data such as the DNP3 application layer header, output object header and data, timestamp, nonce, hash method (e.g., SHA-1), and length fields of the message fragment were used (Hieb, J.L., Graham, J.H., and Patel, S.C., 2007; Patel, S. C., and Graham, J. H., 2005; Patel, S. C., 2006; Graham, J.H., Mostafa S., et al., 2007). This hash value is encrypted with the MTU’s private key. When an RTU receives the message, it uses the MTU’s public key to decrypt it. When the RTU decrypts the message successfully, it can conclude that the message came from an authentic MTU, since the MTU must have “signed” (encrypted) the message with its private key that only the MTU has. This would provide an RTU with the assurance that the message came from an authenticated MTU. Notice that in this model, it was chosen not to encrypt the message itself because encryption takes much processing time. Therefore, the receiver must verify that the contents of the message were not
altered by an intruder who could be in the middle. The integrity of the contents of a message is verified by matching the hash digest that came with the message to the one independently calculated by the RTU.

It is possible for an intruder to read the message, since it is not encrypted. It is also possible for the intruder to decrypt the hash, since he/she can get the public key that is required to decrypt it. The intruder can also try to calculate a new hash value. However, the intruder cannot do much with all this information, since he/she does not have the private key, which is required to properly encrypt the new hash digest that is needed if he/she tried to change the message. If the intruder sends the message encrypted without the MTU’s private key, then, upon receiving the message, when the RTU tries to decrypt it using the MTU’s public key, it won’t be able to do so because the MTU’s public key works only on the messages encrypted with the MTU’s private key. Consequently, the RTU will find that the message was sent from an unauthentic source. An additional security guard is a timestamp that would verify that the time of reception does not vary from the time of transmission by more than a given amount, giving the intruder as little time as possible even if he/she succeeds in faking the rest of the values.

Vulnerability Analysis of Model 2: Challenge-Response Model

This authentication method depends upon a "secret" known only to the authenticator and that peer. Although the challenge is random (unique and unpredictable), the response depends upon the challenge and a secret key added to the stream passed for hashing. The response value is the one-way hash calculated over a stream of octets consisting of an identifier (a field that changes every time), followed by the "secret," followed by the challenge value. The length of the response value depends upon the hash algorithm used (e.g., 16 octets for MD5).
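The response calculation described for Model 2, as an added example that is not code from the paper. It assumes SHA-256 in place of the MD5 example, a one-octet identifier and a 16-octet challenge; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

HASH = "sha256"  # assumption: the paper names MD5 only as an example hash

def response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way hash over identifier || secret || challenge."""
    stream = bytes([identifier & 0xFF]) + secret + challenge
    return hashlib.new(HASH, stream).digest()

class Authenticator:
    """Challenging side; holds the shared secret and outstanding challenges."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._open = {}  # identifier -> challenge not yet answered

    def challenge(self):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256  # incrementally changing identifier
        chal = secrets.token_bytes(16)             # random and unpredictable
        self._open[ident] = chal
        return ident, chal

    def verify(self, ident: int, resp: bytes) -> bool:
        chal = self._open.pop(ident, None)         # a challenge can be answered once
        if chal is None:
            return False
        expected = response(ident, self._secret, chal)
        return hmac.compare_digest(expected, resp)  # constant-time comparison

def demo():
    secret = b"constructed-shared-secret"  # constructed value; never sent on the link
    mtu = Authenticator(secret)
    id1, c1 = mtu.challenge()
    r1 = response(id1, secret, c1)         # legitimate peer answers
    first = mtu.verify(id1, r1)
    id2, _ = mtu.challenge()
    replayed = mtu.verify(id2, r1)         # captured response sent for a new challenge
    reused = mtu.verify(id1, r1)           # same identifier, challenge already consumed
    id3, c3 = mtu.challenge()
    no_secret = mtu.verify(id3, response(id3, b"wrong-secret", c3))
    return first, replayed, reused, no_secret
```

Only the first response verifies; the replayed, reused and wrong-secret responses are all rejected because the identifier and challenge have changed or the secret is missing.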
The secret is not sent over the link. Even if the intruder tries to pretend to be a challenger or a responder, he/she will not have the secret needed to calculate a correct hash value. Since the challenge is unique (different every time), the intruder cannot use an old hash value that he/she might have intercepted by eavesdropping. Challenge-response provides protection against replay attack by the peer. That is, an attack from another RTU using data from challenge-response between an RTU and an MTU is prevented through the use of an incrementally changing identifier and a variable challenge value. Since the authenticator is in control of the frequency and timing of the challenges, it can use repeated challenges for enhanced security, since such challenges can limit the time an intruder has for an attack. This model can work successfully with only one set of secrets. In other words, it is not necessary to have a set of secrets for a challenger and another set of secrets for the responder.

The vulnerability analysis successfully scrutinized both the models to verify that they worked as intended. That is, the analysis proved that the models provided the desired protection from attacks.

Security Experimental Test-bed

The test-bed (Figure 2) consists of one MTU that communicates with seven RTUs. Four RTUs
are locally installed at the Intelligent Systems Research Lab at the University of Louisville and connected to the MTU with an Ethernet LAN infrastructure. The test-bed also has a WAN connection to an RTU located at Western Kentucky University. There are two actual SCADA systems in the Chemical Engineering Department at the University of Louisville to which the test-bed is also connected. The Process Control Lab contains a simple level control system and the Unit Operations Lab contains a large binary distillation column. Both systems use a PC and GE Fanuc iFIX™ SCADA / HMI software for process monitoring and control.

RTUs are running a DNP 3 communication driver to communicate and exchange data with the MTU. Also, for each RTU, an intrusion detection sensor, Snort, is installed to monitor the traffic going in and out of the RTU. The remote RTU is connected to the SCADA system using the Internet. Attacks were simulated using two methods. The wireless access points installed in the University of Louisville give the user direct access to the University Ethernet infrastructure. The other method was to attack the system externally using the Internet.

Figure 2. Experimental SCADA Test-bed
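The receiver-side checks of Model 1 (signed digest, timestamp window, nonce), as an added example that is not the authors' implementation. It assumes textbook RSA over a constructed toy key, SHA-256 instead of SHA-1, and a timestamp and nonce that travel in the clear and are bound to the message by the signed digest; the field names and the 5-second window are hypothetical.

```python
import hashlib
import secrets
import struct

# Constructed toy key: textbook RSA over two publicly known Mersenne primes.
# Illustration only; it has no padding and the factors are public.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                 # MTU public key
D = pow(E, -1, (P - 1) * (Q - 1))   # MTU private exponent
MAX_SKEW = 5                        # assumed limit, seconds between send and receive

def digest(payload: bytes, ts: int, nonce: bytes) -> int:
    """Hash over timestamp, nonce and message content, as an integer."""
    data = struct.pack(">Q", ts) + nonce + payload
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mtu_sign(payload: bytes, now: int, d: int = D) -> dict:
    nonce = secrets.token_bytes(8)
    sig = pow(digest(payload, now, nonce), d, N)  # "encrypt" hash with private key
    return {"payload": payload, "ts": now, "nonce": nonce, "sig": sig}

class Rtu:
    def __init__(self):
        self.seen = set()  # nonces already accepted

    def accept(self, msg: dict, now: int) -> str:
        recovered = pow(msg["sig"], E, N)         # "decrypt" with MTU public key
        if recovered != digest(msg["payload"], msg["ts"], msg["nonce"]):
            return "reject: digest mismatch"      # modified or not signed by the MTU
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "reject: stale timestamp"
        if msg["nonce"] in self.seen:
            return "reject: nonce reused"
        self.seen.add(msg["nonce"])
        return "accept"

def demo():
    rtu, t0 = Rtu(), 1_000_000                    # constructed clock value
    msg = mtu_sign(b"READ status", t0)
    ok = rtu.accept(msg, t0 + 1)
    modified = rtu.accept(dict(msg, payload=b"OPERATE breaker ON"), t0 + 1)
    spoofed = rtu.accept(mtu_sign(b"OPERATE breaker ON", t0, d=12345), t0 + 1)
    replay = rtu.accept(msg, t0 + 2)              # inside the window, nonce seen
    late = Rtu().accept(msg, t0 + 60)             # nonce cache empty, window expired
    return ok, modified, spoofed, replay, late
```

A deployment would take the signature from a vetted library scheme with padding (for example RSA-PSS) rather than raw modular exponentiation; the order of the receiver's checks stays the same.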
Conclusion

This paper has discussed various aspects of the security of SCADA communication protocols. Two security models have been verified for correctness by threat and vulnerability analyses. Threat analyses considered various attacks such as replay and spoofing and explicated how the proposed models guarded against these attacks. Vulnerability analyses examined intrusion tactics such as brute-force and bypass attacks, and explained how the security models prevented an intruder from deploying the attacks successfully. The analyses indicated that the use of these security models in SCADA communications can significantly reduce the vulnerability of these critical systems to malicious cyber attacks, potentially avoiding the serious consequences of such attacks.

References

Byres, E.J., Hoffman, D., & Kube, N. (2006). On Shaky Ground – A Study of Security Vulnerabilities in Control Protocols. Proceedings of the 5th American Nuclear Society International Topical Meeting on Nuclear Plant Implementation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November, 2006.
Conklin, W. M. A., White, G.B., Cothren, C., Williams, D., & Davis, R.L. (2004). Principles of Computer Security: Security and Beyond. McGraw Hill Technology Education, Boston, Massachusetts.
DNP3 Web home-page, http://www.dnp.org/
Graham, J. H., Mostafa S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., & Patel, S. (2007). Improvements in SCADA and DCS systems security. Proceedings of International Conference on Computers and Their Applications, Honolulu, Hawaii, March 28-30, pp.194-200.
Graham, J. H., & Patel, S.C. (2005). Correctness Proofs for SCADA Communication Protocols. Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Orlando, FL, July 10-13, pp.392-397.
Hieb, J.L., Graham, J.H., & Patel, S.C. (2007). Cyber Security Enhancements for SCADA and DCS Systems. Critical Infrastructure Protection: Issues and Solutions, Springer.
Makhija, J., & Subramanyan, L.R. (2003). Comparison of protocols used in remote monitoring: DNP 3.0, IEC 870-5-101 & Modbus. M. Tech Report, Indian Institute of Technology, Bombay, India.
Patel, S. C. (2006). Secure Internet-Based Communication Protocol for SCADA Networks, Doctoral Dissertation, University of Louisville, Louisville, Kentucky, USA.
Rinaldi, S.M., Peerenboom, J.P., & Kelly, T.K. (2001). Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies. IEEE Control Systems, Vol. 21, No. 6, pp.11-25.