Application Filters for TCP/IP Industrial Automation Protocols

  • Aguinaldo B. Batista Jr.
  • Tiago H. Kobayashi
  • João Paulo S. Medeiros
  • Agostinho M. Brito Jr.
  • Paulo S. Motta Pires
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6027)


Firewalls are a common way to protect Automation Technology (AT) networks from Information Technology (IT) networks. This work proposes a filtering system for TCP/IP-based automation networks in which only certain kinds of industrial traffic are permitted. All network traffic that does not conform to a proper industrial protocol pattern, or to specific rules for its actions, is assumed to be abnormal and must be blocked. As a case study, we developed a seventh-layer firewall application able to block spurious traffic, using an IP packet queueing engine and a regular expression library.
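The two checks the abstract names (protocol pattern, then rules for the action) can be sketched for Modbus/TCP as follows. This is an added example, not the authors' code: Python's `re` stands in for the regular expression library, packet queueing is not shown, and the policy table, function names and sample payloads are constructed assumptions.

```python
import re
import struct

# Protocol pattern for a Modbus/TCP request ADU: 2-byte transaction id,
# protocol id 0x0000, 2-byte length, unit id, function code 1..127, data.
MODBUS_REQUEST = re.compile(
    rb"(?P<tid>.{2})\x00\x00(?P<length>.{2})(?P<unit>.)"
    rb"(?P<fc>[\x01-\x7f])(?P<data>.*)",
    re.DOTALL,
)

# Assumed site policy (constructed): function code -> (first, last) register
# address this master may touch. Anything not listed is denied.
ALLOWED_ACTIONS = {
    0x03: (0, 99),  # Read Holding Registers, registers 0..99 only
}

def verdict(payload: bytes):
    """Return ("ACCEPT" | "DROP", reason) for one TCP payload (default deny)."""
    m = MODBUS_REQUEST.fullmatch(payload)
    if m is None:
        return "DROP", "not a Modbus/TCP request pattern"
    (length,) = struct.unpack(">H", m["length"])
    # The length field counts every byte after itself: unit id + PDU.
    if length != len(payload) - 6 or len(payload) > 260:
        return "DROP", "MBAP length mismatch"
    fc = m["fc"][0]
    window = ALLOWED_ACTIONS.get(fc)
    if window is None:
        return "DROP", f"function code 0x{fc:02x} not permitted"
    if len(m["data"]) != 4:
        return "DROP", "malformed read request"
    start, quantity = struct.unpack(">HH", m["data"])
    if not 1 <= quantity <= 125:
        return "DROP", "quantity out of range"
    if start < window[0] or start + quantity - 1 > window[1]:
        return "DROP", "address outside permitted window"
    return "ACCEPT", "permitted read"

# Constructed sample payloads: a permitted read, a register write, non-Modbus data.
READ_OK = bytes.fromhex("000100000006" "01" "03" "0000" "000a")
WRITE_REG = bytes.fromhex("000200000006" "01" "06" "0001" "ffff")
HTTP_JUNK = b"GET / HTTP/1.1\r\n\r\n"
```

In a queue-based deployment the returned verdict would be handed back to the kernel for each queued packet; traffic that matches no rule is dropped.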


Keywords: Industrial Firewall, Critical Information Infrastructure Protection, Modbus/TCP Protocol





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Aguinaldo B. Batista Jr. (1)
  • Tiago H. Kobayashi (1)
  • João Paulo S. Medeiros (1)
  • Agostinho M. Brito Jr. (1)
  • Paulo S. Motta Pires (1)
  1. LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation, Federal University of Rio Grande do Norte, Natal, Brazil
