Skip to main content
SpringerLink
Log in

Design and Development of Secure Data Transfer Modules in Industrial Control Systems

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Industrial control systems (ICS) like supervisory control and data acquisition (SCADA) systems play a crucial role in monitoring and controlling various process industries in national critical infrastructures. They are connecting to internet and highly inter-connected corporate networks for sharing the field data to third party heterogeneous systems like enterprise resource planning, third party SCADA systems etc. Even though it helps to share the data for monitoring and control of systems, it also opens the doors for cyber-attacks. It needs to strengthen the cyber security of these SCADA systems. There are various components in SCADA systems which requires to build security in these components. Generally, most of the SCADA systems uses MODBUS communication protocol for scanning the PLC devices to acquire the field data. The communication protocol security is one of the main components which was little addressed. The MODBUS protocol was developed without security in mind because security aspect was not a concern in closed environments of industrial control systems. It is highly vulnerable to cyber-attacks. There are some methods already developed by scholars to implement security in MODBUS protocol, but the existing methods modified the MODBUS frame formats. Hence, they are not suitable to the existing legacy systems because they do not support interoperability between various industry manufacturer’s products. Another critical problem in existing methods is all the required security features were not implemented in a single method which would satisfy the security features like integrity, confidentiality, non-repudiation, authorization and authentication. In this paper, we designed and developed a new method by developing Secure Modbus Gateway Server and Client modules to provide secure data transfer between data acquisition servers and PLCs. In this methodology, the modules were developed using RSA and AES algorithms for achieving confidentiality and non-repudiation, SHA algorithm to provide integrity of the message. These modules also support authorization and authentication features. The time stamp in the Modbus frame was also included and transmitted to prevent replay attacks. The advantages of these modules/methodology are, it supports all required features for secure data transfer like integrity, confidentiality, non-repudiation, authorization and authentication. They also provide time stamp, frame filtering and exception response alarm triggering features. These modules also support interoperability and they can be easily installed in existing legacy systems. We measured performance metrics like attack resilience rate (ARP), attack penetration rate (APR) and overheads. This method protects the ICS system for 97% of attacks. The overhead on protocol was also calculated and it is found that 3.5% extra delay in round trip time which is very minor and can be tolerated in exchange of the important security benefits offered.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

(Source Side)

Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

Availability of Data and Materials

The data generated during and/or analysed during the current study are available from the corresponding author on reasonable request.

Code Availability

The code is available from the corresponding author on reasonable request.

References

  1. Cheminod, M., Durante, L., & Valenzano, A. (2013). Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics, 9, 277–293.

    Article  Google Scholar 

  2. Genge, B., Haller, P., & Kiss, I. (2017). Cyber-security-aware network design of industrial control systems. IEEE Systems Journal, 11(3), 1373–1384. https://doi.org/10.1109/JSYST.2015.2462715

    Article  Google Scholar 

  3. Ghosh, S., & Sampalli, S. (2019). A survey of security in SCADA networks: Current issues and future challenges. IEEE Access, 7, 135812–135831. https://doi.org/10.1109/ACCESS.2019.2926441

    Article  Google Scholar 

  4. Ponomarev, S., & Atkison, T. (2016). Industrial control system network intrusion detection by telemetry analysis. IEEE Transactions on Dependable and Secure Computing, 13(2), 252–260. https://doi.org/10.1109/TDSC.2015.2443793

    Article  Google Scholar 

  5. Choi, D., Lee, S., Won, D., & Kim, S. (2010). Efficient secure group communications for SCADA. IEEE Transactions on Power Delivery, 25(2), 714–722. https://doi.org/10.1109/TPWRD.2009.2036181

    Article  Google Scholar 

  6. Hood, G. W., Hall, K. H., Chand, S., DMura, P. R., Kalan, M. D., & Plache, K. S. (2011). Module and controller operation for industrial control systems. U.S. Patent No. 7,912,560.

  7. ICS-CERT year in review-2016 2016 (online) Retrieved from https://www.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_Final_S508C.pdf

  8. Zhu, B., Joseph, A., & Sastry, S. (2011). A taxonomy of cyber-attacks on SCADA systems, in IEE International conference on internet of things and 4th international conference on cyber, physical and social computing. IEEE.

  9. Cruz, T., et al. (2016). A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236–2246. https://doi.org/10.1109/TII.2016.2599841

    Article  Google Scholar 

  10. Shahzad, A., Xiong, N., Irfan, M., Lee, M., Hussain, S., & Khaltar, B. (2015). A SCADA intermediate simulation platform to enhance the system security, in 2015 17th International conference on advanced communication technology (ICACT), Seoul, (pp. 368–373). https://doi.org/10.1109/ICACT.2015.7224821

  11. Shahzad, A. A. et al. (2014). Industrial control systems (ICSs) vulnerabilities analysis and SCADA security enhancement using testbed encryption, in Proceedings of the 8th international conference on ubiquitous information management and communication. ACM.

  12. Robles, R. J., & Min-kyu, C. (2009). Assessment of the vulnerabilities of SCADA, control systems and critical infrastructure systems. Assessment 2.2 (2009): 27–34.

  13. MODBUS Appl Protocol Specification V1.1 b3, Modbus Organization, April 26, 2012.

  14. MODBUS Messaging on Tcp/Ip Implementation Guide V1.0b, Modbus Organization, Oct 24, 2006.

  15. Rrushi, J. L. (2012). SCADA protocol vulnerabilities. Critical infrastructure protection (pp. 150–176). Berlin, Heidelberg: Springer.

    Chapter  Google Scholar 

  16. Nardone, R., Ricardo, J. R., & Marrone, S. (2016). Formal security assessment of Modbus protocol, in 2016 11th international conference for internet technology and secured transactions (ICITST). IEEE.

  17. Huitsing, P., Chandia, R., Papa, M., & Shenoi, S. (2008). Attack taxonomies for the Modbus protocols. International Journal of Critical Infrastructure Protection, 1, 37–44.

    Article  Google Scholar 

  18. Xu, Y., Yang, Y., Li, T., Ju, J., & Wang, Q. (2017). Review on cyber vulnerabilities of communication protocols in industrial control systems, in Proceedings of the 2017 IEEE conference on energy internet and energy system integration (EI2), Beijing, China, 26–28 Nov’17 (pp. 1–6).

  19. Chang, H.-C., Lin, C.-Y., Liao, D.-J. & Koo, T.-M. (2020). The Modbus protocol vulnerability test in industrial control systems, in 2020 International conference on cyber-enabled distributed computing and knowledge discovery (CyberC), Chongqing, China, 2020 (pp. 375–378). https://doi.org/10.1109/CyberC49757.2020.00070

  20. Fovino, I. N., Carcano, A., Masera, M., & Trombetta, A. (2009). Design and implementation of a secure Modbus protocol. IFIP Advances in Information and Communication Technology Critical Infrastructure Protection, III, 83–96. https://doi.org/10.1007/978-3-642-04798-5_6

    Article  Google Scholar 

  21. Shahzad, A., Lee, M., Lee, Y.-K., Kim, S., Xiong, N., Choi, J.-Y., & Cho, Y. (2015). Real time MODBUS transmissions and cryptography security designs and enhancements of protocol sensitive information. Symmetry, 7, 1176–1210.

    Article  MathSciNet  Google Scholar 

  22. Éva, Á., et al. (2018). Proposal of a secure Modbus RTU communication with ADI Shamir’s secret sharing method. International Journal of Electronics and Telecommunications, 64(2), 107–114.

    Google Scholar 

  23. Xuan, L., & Yongzhong, L. (2019). Research and implementation of Modbus TCP security enhancement protocol. Journal of Physics: Conference Series, 1213, 052058. https://doi.org/10.1088/1742-6596/1213/5/052058

    Article  Google Scholar 

  24. Phan, R. C., et al. (2012). Authenticated Modbus protocol for critical infrastructure protection. IEEE Transactions on Power Delivery, 27(3), 1687–1689. https://doi.org/10.1109/TPWRD.2012.2187122

    Article  Google Scholar 

  25. Ferst, M. K., de Figueiredo, H. F. M., Denardin, G., Lopes, J. (2018). Implementation of secure communication with modbus and transport layer security protocols, in 13th IEEE International conference on industry applications (INDUSCON), São Paulo, Brazil, 2018 (pp. 155–162). https://doi.org/10.1109/INDUSCON.2018.8627306

  26. Dudak, J., Gaspar, G., Sedivy, S., Fabo, P., Pepucha, L., & Tanuska, P. (2019). Serial communication protocol with enhanced properties-securing communication layer for smart sensors applications. IEEE Sensors Journal, 19(1), 378–390. https://doi.org/10.1109/JSEN.2018.2874898

    Article  Google Scholar 

  27. Liao, G., Chen, Y., Lu, W., & Cheng, T. (2008). Toward authenticating the master in the Modbus protocol. IEEE Transactions on Power Delivery, 23(4), 2628–2629. https://doi.org/10.1109/TPWRD.2008.2002942

    Article  Google Scholar 

  28. Hayes, G., & Khalil El-Khatib, K. (2013). Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol, in Third international conference on communications and information technology (ICCIT), Beirut (pp. 179–184). https://doi.org/10.1109/ICCITechnology.2013.6579545

  29. Smolarczyk, M., Plamowski, S., Pawluk, J., & Szczypiorski, K. (2022). Anomaly, “Detection in cyclic communication in OT protocols.” Energies, 15, 1517.

    Article  Google Scholar 

  30. Jingran, W., Mingzhe, L., & Aidong, X. (2020). Research and implementation of secure industrial communication protocols,” in Proceedings of the IEEE international conference on artifcial intelligence and information systems (pp. 314–317). IEEE, Kota Kinabalu, Malaysia.

  31. Yi, F., Zhang, L., & Yang, S. (2021). A security-enhanced Modbus TCP protocol and authorized access mechanism,” in Proceedings of the IEEE 6th international conference on data science in cyberspace (pp. 61–67). IEEE, Shenzhen, China.

  32. Chochtoula, D., Ilias, A., Stamatiou, Y. C., & Makris, C. (2022). Integrating elliptic curve cryptography with the Modbus TCP SCADA communication protocol. Future Internet, 14(8), 232.

    Article  Google Scholar 

  33. Ametov, F. R., Bekirov, E. A., & Asanov, M. M. (2021). Organizing the information security in Modbus TCP interfaces for use in the energy complex. IOP Conference Series: Materials Science and Engineering, 1089(1), 012007.

    Article  Google Scholar 

  34. Lin, Y.-C., Lin, C.-F., & Chen, K.-H. (2021). Security enhancement of industrial modbus message transmission with proxy approach, in 2021 IEEE 3rd Eurasia conference on IoT, communication and engineering (ECICE), Yunlin, Taiwan (pp. 90–95). https://doi.org/10.1109/ECICE52819.2021.9645741

  35. Stancu, F. A., Rughiniş, R. V., Trancă, C. D., & Popescu, I. L. (2020). Trusted industrial Modbus firewall for critical infrastructure systems, in2020 19th RoEduNet conference: networking in education and research (RoEduNet), Bucharest, Romania, 2020 (pp. 1–5). https://doi.org/10.1109/RoEduNet51892.2020.9324884

  36. Crypto++ available at https://www.cryptopp.com/

  37. Rajesh, L., & Satyanarayana, P. (2019). Vulnerability Analysis and Enhancement of Security of Communication Protocol in Industrial Control Systems. Helix - The Scientific Explorer (WoS), 9, 5122–5127.

    Google Scholar 

  38. Rajesh, L., & Satyanarayana, P. (2022). Design and development of secure gateway modules for secure communication in industrial control systems. ICCCE 2021. Lecture notes in electrical engineering (Vol. 828). Singapore: Springer. https://doi.org/10.1007/978-981-16-7985-8_27

    Book  Google Scholar 

  39. EtterCap tool at https://www.ettercap-project.org/

  40. Wireshark at https://www.wireshark.org/

  41. Modbus protocol simulators https://www.modbustools.com/ and https://modbus.org/

Download references

Acknowledgements

Authors acknowledges K L deemed to be university to allow them to do research in the university.

Funding

The research did not receive any funding from any institution. The research was done in K L Deemed to be university.

Author information

Authors and Affiliations

  1. Department of ECE, Koneru Lakshmaiah Education Foundation, Vaddeswaram, Andhra Pradesh, India

    L. Rajesh & Penke Satyanarayana

Authors
  1. L. Rajesh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Penke Satyanarayana
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

RL worked for test bed set up, design, testing, analysis and report. PS reviewed the results and reports.

Corresponding author

Correspondence to L. Rajesh.

Ethics declarations

Conflict of interest

Authors declare no conflicts of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Rajesh, L., Satyanarayana, P. Design and Development of Secure Data Transfer Modules in Industrial Control Systems. Wireless Pers Commun 132, 2667–2692 (2023). https://doi.org/10.1007/s11277-023-10738-0

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-023-10738-0

Keywords

Search

Navigation