Comparison of Encryption Schemes as Used in Communication between SCADA Components

Robles, Rosslin John; Balitanas, Maricel O.; Caytiles, Ronnie D.; Gelogo, Yvette E.; Kim, Tai-hoon

doi:10.1109/ucma.2011.33

Cited by 10 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, the way in which data are made trustworthy is analyzed and discussed in Zafara et al [31], and in Qian et al [32]. The comparison of cryptographic algorithms and the unavoidable management of cryptographic keys that are used within SCADA infrastructures are discussed, and various solutions are devised as seen in Choi et al [25], Lim [26], Premnath et al [27], Robles et al [28], Rezai et al [29], [30]. These works all imply that ICS/SCADA environments of the future will need and will therefore have to find solutions to tackle the burden of cryptography and various cryptosystems on the overall operational performance of the system.…”

Section: Related Workmentioning

confidence: 99%

Experimenting With Digital Signatures Over a DNP3 Protocol in a Multitenant Cloud-Based SCADA Architecture

Marian

Cusman²,

Stinga

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The ideas presented in this paper are summarized as follows. The first idea entails improving the security of supervisory control and data acquisition (SCADA) architectures by means of asymmetric cryptography and digital signatures and measuring the performance overhead. This allows achieving some obvious subsequent goals such as data-origin authentication, and the traceability and implicit nonrepudiation of commands given to intelligent field and direct control equipment. The possibility to include digital signatures with a minimum impact on a standard and a reliable data communication protocol, such as Distributed Network Protocol version 3 (DNP3), also known to have a mature, industrially validated, opensource implementation, has been tested and the results are presented. A second idea concerns designing and developing a multitenant cloud-based architecture for a SCADA environment. This hypothesis focuses on certain SCADA operators that manage multiple industrial control systems (ICS) and intend to consolidate process data in a centralized manner. INDEX TERMS digital signatures, cybersecurity, SCADA, industrial control system, cloud-based services.

show abstract

Section: Related Workmentioning

confidence: 99%

Experimenting With Digital Signatures Over a DNP3 Protocol in a Multitenant Cloud-Based SCADA Architecture

Marian

Cusman²,

Stinga

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…, MD5 and SHA2) algorithms are deployed to secure the SCADA communication from networks adversaries such as message sniffers, man-in-the-middle attackers, eavesdroppers and password crackers, data interruption, and modification attackers, and others. As a consequence, cryptography based developments are considered more reliable and secure developments for SCADA systems [ 11 , 25 , 26 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 , 39 , 40 ]. In symmetric encryption, while the desired message is encrypted, this does not ensure that the message contents are not modified during transmission because a single secret can be shared between the sender and the receiver.…”

Section: Related Workmentioning

confidence: 99%

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks

Shahzad

Lee

Xiong

et al. 2016

Sensors

View full text Add to dashboard Cite

In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

show abstract

“…Homeland Security Department, Schweitzer Engineering Laboratories, Inc., the American Gas Association, and the Gas Technology Institute, have been vulnerable to security threats due to the Internet’s open connectivity [ 28 , 29 ]. These organizations and other researchers have developed several security solutions and protocols to guard against cyber-security issues, and the cryptography-based security mechanisms have been selected as the “best” security approaches for secure SCADA communications [ 26 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 , 39 , 40 , 41 , 42 ]. As a consequence, the DNP3 users group defined and described the cryptography approaches, such as the asymmetric and symmetric methods, to enhance the security of the DNP3 protocol; therefore, the details of several cryptography algorithms are available along with the information regarding their security parameters [ 43 , 44 , 45 , 46 , 47 , 48 , 49 , 50 , 51 , 52 , 53 , 54 , 55 , 56 , 57 ].…”

Section: Problem Statementmentioning

confidence: 99%

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

Shahzad

Lee

Kim

et al. 2016

Sensors

View full text Add to dashboard Cite

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

show abstract

Comparison of Encryption Schemes as Used in Communication between SCADA Components

Cited by 10 publications

References 0 publications

Experimenting With Digital Signatures Over a DNP3 Protocol in a Multitenant Cloud-Based SCADA Architecture

Experimenting With Digital Signatures Over a DNP3 Protocol in a Multitenant Cloud-Based SCADA Architecture

A Secure, Intelligent, and Smart-Sensing Approach for Industrial System Automation and Transmission over Unsecured Wireless Networks

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

Contact Info

Product

Resources

About