Abstract
Industrial systems have publicly been the target of cyberattacks since Stuxnet [1]. Nowadays they increasingly communicate over insecure media such as the Internet. Because they interact with the real world, it is crucial to prove the security of their protocols. In this paper, we formally study the security of one of the most widely used industrial protocols: OPC-UA. Using ProVerif, a well-known cryptographic protocol verification tool, we are able to check secrecy and authentication properties. We find several attacks on the protocols and provide countermeasures.
References
Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)
Stouffer, K., Falco, J., Karen, S.: Guide to industrial control systems (ICS) security. NIST Spec. Publ. 800(82), 16–16 (2011)
ANSSI. Managing cybersecurity for ICS, June 2012
Igure, V.M., Laughter, S.A., Williams, R.D.: Security issues in SCADA networks. Comput. Secur. 25(7), 498–506 (2006)
Patel, S.C., Bhatt, G.D., Graham, J.H.: Improving the cyber security of SCADA communication networks. Commun. ACM 52(7), 139–142 (2009)
Clarke, G.R., Reynders, D., Wright, E.: Practical modern SCADA protocols: DNP3, 60870.5 and related systems. Newnes (2004)
Dzung, D., Naedele, M., von Hoff, T.P., Crevatin, M.: Security for industrial communication systems. Proc. IEEE 93(6), 1152–1177 (2005)
Wanying, Q., Weimin, W., Surong, Z., Yan, Z.: The study of security issues for the industrial control systems communication protocols. In: JIMET 2015 (2015)
Patel, S.C., Yu, Y.: Analysis of SCADA security models. Int. Manag. Rev. 3(2), 68 (2007)
Fovino, I., Carcano, A., Masera, M., Trombetta, A.: Design and implementation of a secure MODBUS protocol. In: IFIP AICT 2009 (2009)
Hayes, G., El-Khatib, K.: Securing MODBUS transactions using hash-based message authentication codes and stream transmission control protocol. In: ICCIT 2013, June 2013
Graham, J.H., Patel, S.C.: Correctness proofs for SCADA communication protocols. In: WM-SCI 2005 (2005)
Basin, D., Mödersheim, S., Viganò, L.: An on-the-fly model-checker for security protocol analysis. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 253–270. Springer, Heidelberg (2003)
Saul, E., Hutchison, A.: SPEAR II - the security protocol engineering and analysis resource (1999)
Lafourcade, P., Puys, M.: Performance evaluations of cryptographic protocols verification tools dealing with algebraic properties. In: Garcia-Alfaro, J., et al. (eds.) FPS 2015. LNCS, vol. 9482, pp. 137–155. Springer, Heidelberg (2016). doi:10.1007/978-3-319-30303-1_9
Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSF 2001 (2001)
Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1981)
Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol, version 1.2. IETF RFC 5246, August 2008
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: TACAS 1996 (1996)
Abadi, M., Needham, R.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Softw. Eng. 22(1), 6 (1996)
Focardi, R., Luccio, F.L., Steel, G.: An introduction to security api analysis. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 35–65. Springer, Heidelberg (2011)
Mahnke, W., Leitner, S., Damm, M.: OPC Unified Architecture. Springer, Heidelberg (2009)
OPC Unified Architecture. Part 2: Security model, April 2013
OPC Unified Architecture. Part 4: Services, August 2012
OPC Unified Architecture. Part 6: Mappings, August 2012
Acknowledgements
This work has been partially funded by the CNRS PEPS SISC ASSI 2016, the LabEx PERSYVAL-Lab (ANR-11-LABX-0025), the ARAMIS project (PIA P3342-146798) and “Digital trust” Chair from the University of Auvergne Foundation.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Puys, M., Potet, ML., Lafourcade, P. (2016). Formal Analysis of Security Properties on the OPC-UA SCADA Protocol. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_6
DOI: https://doi.org/10.1007/978-3-319-45477-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45476-4
Online ISBN: 978-3-319-45477-1
eBook Packages: Computer Science, Computer Science (R0)