ABSTRACT
SCADA (Supervisory Control and Data Acquisition), these are systems based on real-time processing, control and design for real time infrastructure such as water pumping stations, oil purification plants and rail control centers etc. In the initial structure of SCADA there is no security mechanism that prevents or detects the attacks in SCADA communication network. SCADA technology is not new but was deployed in limited networks; currently these systems have been deployed and accessible by many networks such as LAN/WAN, Mobile networks, Web Browsers and GPRS through internet technology. Using Modern communication facilities SCADA systems are vulnerable from different types of internet attacks that create major security problems for SCADA communication. The current paper proposes cryptography solutions for securing SCADA communication. In first part, we propose Cryptography solution using "Advance Encryption Standard (AES) and SHA-1 algorithms" to secure each end of SCADA communication by implementing security services such as authentication, integrity, and confidentiality In Second part, we propose hybrid cryptography solution for SCADA and give solution to prevent the major attacks that in- Securing the SCADA communication. "Hybrid Cryptography Secure Simulation Model" is used to discuss and give solutions for putting security services such as authentication, integrity, confidentiality, and non-repudiation in APDU (Application Protocol Data Unit) and LPDU (Link Protocol Data Unit) within SCADA DNP3 protocol, and Rest of paper provide solutions to overcome/prevent attacks such as Guessing Shared Key, Brute force from Authentication; Eavesdropping, Key Cracking, Man in the Middle from Confidentiality; Frame Injection, Data Replay, Data Deletion from Integrity. We use DNP3Sec as framework. Current paper gives research Directions and methods to more secure real time systems.
- M. Malekzadeh*, A. A A. Ghani, S. Subramaniam, Protected control packets to prevent denial of services attacks in IEEE 802.11 wireless networks, Malekzadeh et al. EURASIP Journal on Information Security 2011, 2011, http://jis.eurasipjournals.comGoogle Scholar
- N. Kamel, N. Hamdy, S. H. Ahmed, A Proposed Intrusion Detection System for Encrypted Computer Networks, Third International Conference on Informatics and Systems, Mar 19--22, 2005, http://www.cs.purdue.edu/homes/nkahmed/papers/ahmed-infos05.pdfGoogle Scholar
- C. K. Kumar1, G. J. Arul Jose1, C. Sajeev1, C. Suyambulingom2, Safety Measures Against Man-In-The-Middle Attack In Key Exchange, 2006--2012 Asian Research Publishing Network (ARPN), VOL. 7, NO. 2, FEBRUARY 2012 ISSN 1819--6608, www.arpnjournals.comGoogle Scholar
- S. AlZaabi, S. Baniabdalsalam, M. Baniabdalsalam, 21 Oct 2008, http://www.verimag.imag.fr/~plafourc/teaching/Lecture_Note_08_04.pdfGoogle Scholar
- Ol Adeyinka, Internet Attack Methods and Internet Security Technology, 978-0-7695-3136-6/08 $25.00 © 2008 IEEE DOI, 10.1109/AMS.2008.68, http://jmiller.uaa.alaska.edu/cse465-fall2011/papers/adeyinka2008-1.pdf Google ScholarDigital Library
- James H. Graham, Sandip C. Patel Security, Considerations in SCADA Communication Protocols, September 2004, www.cs.louisville.edu/facilities/ISLab/tech%20papers/ISRGoogle Scholar
- Paul Blomgren, Safenet My-Kotronx, Members of Gas Controller committee...., American Gas Association (AGA), Draft 4, AGA Report 12, Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan, IEEE, March 14, 2006, http://www.gtiservices.org/security/AGA12Draft4r1Google Scholar
- David Bailey & Edwin Wright, Practical SCADA for industry, http://books.google.com.my/booksGoogle Scholar
- M. D. Hadley, K. A. Huston, T. W. Edgar, American Gas Association (AGA), Report No. 12 Part 2. Cryptographic Protection of SCADA Communications: Retrofit Link Encryption for Asynchronous Serial Communications, IEEE, Aug 2007, www.waterresearchfoundation.org/research/.../2969/AGAGoogle Scholar
- Sandip C. Patel, Ganesh D. Bhatt, and James H. Graham, Improving the cyber security of Scada communication Network, Communication of ACM, Vol 52 No. 7, July 2009, http://portal.acm.org/citation.cfm?id=1538820 Google ScholarDigital Library
- D. Wijesekera, M. Majdalawieh, F. P. Presicce, DNPSec: Disrtibuted NetworkProtocol Version 3 (DNP3) Security Framework, Advances in Computer, Information, and Systems Sciences, and Engineering 2006, 227--234, Doi: 10.1007/1-4020-5261-8_36, http://www.springerlink.com/content/v97332726617j308/Google Scholar
- DNP3 Organization homepage: http://www.dnp.org/Google Scholar
- Modbus Organization. http://www.modbus.com/Google Scholar
- Andrew Wright, John Kinast, and Joe McCarty, Low-Latency Cryptographic Protection for SCADA Communication, Springer Lecture Notes, 2006, http://scadasafe.sourceforge.net/securityGoogle Scholar
- Robert Dawson Colin Boyd Ed Dawson Juan Manuel González Nieto, A Key Management Architecture for SCADA Systems, ACM journal, 2006, http://portal.acm.org/ft_gateway.cfm?id=1151850 Google ScholarDigital Library
Index Terms
- Secure security model implementation for security services and related attacks base on end-to-end, application layer and data link layer security
Recommendations
Simulation base implementation for placement of security services in real time environment
ICUIMC '13: Proceedings of the 7th International Conference on Ubiquitous Information Management and CommunicationSCADA (Supervisory Control and Data Acquisition) is a real time systems that are deployed over real time infrastructure such as water pumping stations, oil purification plants and rail control centers etc. These systems were connected with local area ...
Secure IoT framework and 2D architecture for End-To-End security
In this paper, we proposed an secure IoT framework to ensure an End-To-End security from an IoT application to IoT devices. The proposed IoT framework consists of the IoT application, an IoT broker and the IoT devices. The IoT devices can be deployed ...
Architecture and security of SCADA systems: A review
AbstractPipeline bursting, production lines shut down, frenzy traffic, trains confrontation, the nuclear reactor shut down, disrupted electric supply, interrupted oxygen supply in ICU – these catastrophic events could result because of an ...
Comments