Protection of SCADA Communication Channels

  • Abdelmajid Khelil
  • Daniel Germanus
  • Neeraj Suri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7130)

Abstract

The modern-day e-society inherently depends on Critical Infrastructures (CIs) such as the power grid, communication and transportation. For such CIs to operate efficiently, Supervisory Control and Data Acquisition (SCADA) systems direct their control and monitoring functionality. However, the technological shift is towards commercial-off-the-shelf SCADA systems that are also increasingly interconnected with each other, primarily over dedicated networks but slowly tending towards Internet-level connectivity. This introduces new communication-level threats and vulnerabilities to SCADA systems. Therefore, the disputed concept of "security through obscurity" is no longer applicable, and previously unnoticed or ignored security issues might now be exposed. To handle such security challenges, techniques from conventional networked systems are also being adopted in the SCADA domain. This chapter discusses both adopted and newly developed techniques to secure communication in monolithic as well as highly interconnected systems.

Keywords

Intrusion Detection System; Distributed Hash Table; Mobile Agent System; SCADA System; Critical Infrastructure Protection
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Abdelmajid Khelil (1)
  • Daniel Germanus (1)
  • Neeraj Suri (1)

  1. Computer Science Department, Technische Universität Darmstadt, Darmstadt, Germany
