Method for authentication of sensors connected on Modbus TCP

Pricop, Emil; Fattahi, Jaouhar; Parashiv, Nicolae; Zamfir, Florin; Ghayoula, Elies

doi:10.1109/codit.2017.8102673

Cited by 9 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the authors of [19] analyzed potential methods for protecting Modbus/TCP, but stressed that asymmetric cryptographic methods are significantly slower than the symmetric ones, questioning the use of asymmetric cryptography in IACSs. In [20], the authors presented a BITW authentication method that does not modify Modbus/TCP but transmits the cryptographic authentication information in the TCP Options header field. It should be noted that the format and content of the TCP Options header is strictly defined by the Internet Assigned Numbers Authority (IANA) and should generally not be used for purposes other than those defined.…”

Section: Related Workmentioning

confidence: 99%

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

et al. 2023

View full text Add to dashboard Cite

Critical infrastructure (CI), such as energy and water distribution systems, is essential for the stability and well-being of the modern society. Industrial automation and control systems (IACSs) form the backbone of CIs and enable the operation of such systems in a safe and reliable manner. However, with the increasing use of industrial Ethernet communication protocols, such as Modbus-over-TCP (Modbus/TCP), once air-gapped IACSs are becoming vulnerable to potential cybersecurity threats. This paper presents a novel method for enhancing the cybersecurity of Modbus/TCP-based IACSs by implementing an authentication method based on message authentication codes (MACs). To provide partial protection of communication even when communicating with legacy Modbus/TCP peers, we propose a novel supervising device that analyzes exchanged messages and verifies the authenticity of the protected messages. To experimentally verify the protection method, a water-treatment cyber-physical system (CPS) was implemented as a digital twin in a programmable logic controller (PLC). The underlying MAC is the Chaskey-12, lightweight MAC defined in IEC 29192-6. It was implemented in the PLC program using the programming languages defined in IEC 61131-3. As an additional contribution, the presented implementation allows protection of communication between PLCs and other Modbus/TCP peers installed in existing IACSs without hardware or firmware modifications. The results show that the method provides protection against network attacks without significantly affecting performance, also demonstrating the feasibility of such protection in IACSs.INDEX TERMS Automation, communication system security, cyber-physical systems, industrial communication. III. CYBERSECURITY OF THE MODBUS/TCP COMMUNICATION PROTOCOL IGOR ERCEG (Member, IEEE) received the Dipl.Eng. and Ph.D. degrees in electrical engineering from the Faculty of Electrical Engineering and Computing, University of Zagreb, in 2004 and 2010, respectively. He is currently an Associate Professor with the Department of Electric Machines, Drives, and Automation, Faculty of Electrical Engineering and Computing, University of Zagreb. His research interests include industrial automation, cybersecurity in process control systems, control of electrical drives, and energy conversion systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Shang et al [11] proposed an industrial frewall design based on Modbus TCP protocol, which combined "whitelist" with frewall technology to efectively intercept illegal data streams and ensure the normal operation of industrial control systems. Pricop et al [12] proposed authentication through the hash algorithm and put the authenticated data in the option feld of TCP header. Alves et al [13] designed the intermediary agent OpenPLC.…”

Section: Related Workmentioning

confidence: 99%

Design and Implementation of a Lightweight Security-Enhanced Scheme for Modbus TCP Protocol

Liu

Liang

Wang

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

The advent of Industry 4.0 has made people pay more and more attention to the security of the industrial control system. As a common and typical communication protocol, Modbus does not consider the problem of data security at the beginning of its design, which provides opportunities for criminals. In this paper, we design a security scheme to protect the traditional Modbus TCP protocol, by using domestic encryption algorithms. As a result, the proposed scheme is able to identity authentication, data encryption, data integrity check, and anti-replay attacks. Security analysis and experimental results show that our proposed scheme solves the security problem of Modbus TCP protocol with minimal overhead increase.

show abstract

“…Furthermore, the infrastructure is exposed to information security risks, which may be attacked by hackers at any time, causing significant economic losses. The authors of [17] proposed a mechanism for the authentication of industrial control systems. During the transmission of Modbus TCP/IP packets, the hash code of authentication is generated by intercepting the header fields of the TCP packet to confirm the identity of the device.…”

Section: The Authentication Of the Industrial Internet Of Thingsmentioning

confidence: 99%

Securing SCADA Energy Management System under DDos Attacks Using Token Verification Approach

et al. 2022

View full text Add to dashboard Cite

The advanced connection requirements of industrial automation and control systems have sparked a new revolution in the Industrial Internet of Things (IIoT), and the Supervisory Control and Data Acquisition (SCADA) network has evolved into an open and highly interconnected network. In addition, the equipment of industrial electronic devices has experienced complete systemic integration by connecting with the SCADA network, and due to the control and monitoring advantages of SCADA, the interconnectivity and working efficiency among systems have been tremendously improved. However, it is inevitable that the SCADA system cannot be separated from the public network, which indicates that there are concerns over cyber-attacks and cyber-threats, as well as information security breaches, in the SCADA network system. According to this context, this paper proposes a module based on the token authentication service to deter attackers from performing distributed denial-of-service (DDoS) attacks. Moreover, a simulated experiment has been conducted in an energy management system in the actual field, and the experimental results have suggested that the security defense architecture proposed by this paper can effectively improve security and is compatible with real field systems.

show abstract

Method for authentication of sensors connected on Modbus TCP

Cited by 9 publications

References 4 publications

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

Design and Implementation of a Lightweight Security-Enhanced Scheme for Modbus TCP Protocol

Securing SCADA Energy Management System under DDos Attacks Using Token Verification Approach

Contact Info

Product

Resources

About