Design and Implementation of a Secure Modbus Protocol

  • Igor Nai Fovino
  • Andrea Carcano
  • Marcelo Masera
  • Alberto Trombetta
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 311)


The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.
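As an added illustration of the frame-level properties the abstract lists (not the paper's own design or code), the following constructs a plain Modbus/TCP Read Holding Registers frame, wraps it with a timestamp and a shared-key MAC, and shows a receiver rejecting tampered, stale and replayed frames. The key, the 5-second freshness window and the use of HMAC-SHA256 are assumptions of this example; HMAC gives integrity, authentication and anti-replay but not non-repudiation, which needs a per-sender digital signature the page does not detail.

```python
import hmac
import hashlib
import struct

# Constructed shared key for this illustration only; key management is not described on the page.
KEY = b"constructed-demo-key-not-for-production"
WINDOW_SECONDS = 5          # assumed freshness window for the timestamp
MAC_LEN = 32                # HMAC-SHA256 tag length in bytes


def build_modbus_adu(transaction_id, unit_id, function, start_addr, quantity):
    """Plain Modbus/TCP ADU: 7-byte MBAP header followed by a Read Holding Registers PDU."""
    pdu = struct.pack(">BHH", function, start_addr, quantity)
    # MBAP: transaction id, protocol id (0 = Modbus), length of unit id + PDU, unit id
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def secure_frame(adu, timestamp):
    """Append an 8-byte timestamp and a MAC over ADU||timestamp to the unmodified ADU."""
    ts = struct.pack(">Q", timestamp)
    tag = hmac.new(KEY, adu + ts, hashlib.sha256).digest()
    return adu + ts + tag


class SecureModbusReceiver:
    """Checks the MAC and timestamp, and remembers the last accepted timestamp to reject replays."""

    def __init__(self):
        self.last_accepted_ts = -1

    def verify(self, frame, now):
        if len(frame) < 8 + MAC_LEN:
            return False, "frame too short"
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # integrity + authentication
            return False, "bad MAC"
        ts = struct.unpack(">Q", body[-8:])[0]
        if abs(now - ts) > WINDOW_SECONDS:              # freshness
            return False, "stale timestamp"
        if ts <= self.last_accepted_ts:                 # anti-replay (strictly increasing)
            return False, "replayed frame"
        self.last_accepted_ts = ts
        return True, "accepted"
```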


Keywords: SCADA systems, Modbus, secure protocol



Copyright information

© IFIP International Federation for Information Processing 2009
