SCADA System Security, Complexity, and Security Proof

Shbib, Reda; Zhou, Shikun; Alkadhimi, Khalil Ibrahim Hady

doi:10.1007/978-3-642-37015-1_35

Cited by 7 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In conclusion, the approximate security lies in the range of 60 to 80 percent, which is comparatively low relative to the current research, which computed security results of 95 to 98 percent. Therefore, this study and others [25,[29][30][31][35][36][37][38][39][40]59,[91][92][93][94][95][96][97][98]101,102] conclude that security in any system should be significantly improved if a security mechanism can be a part of a system rather depending on an end-to-end approach. However, security developments are quite difficult to design and test inside of the protocol and the required depth knowledge of the protocol and other implementation details except security performance are more accurate and remarkable in these scenarios.…”

Section: Performance Evaluation and Comparisonmentioning

confidence: 90%

“…However, the reference [88] conducted a study without deploying a cryptography buffer (or with a conceptual deployment) and transmission is limited to unicasting (or unicasting transmission). In general, several existing studies [91][92][93][94][95][96][97][98] were conducted to deploy and improve security in SCADA systems using cryptography mechanisms. Most of these are based on client/server architecture as part of a SCADA communication system.…”

Section: Performance Evaluation and Comparisonmentioning

confidence: 99%

See 1 more Smart Citation

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Shahzad

Lee

et al. 2015

Symmetry

View full text Add to dashboard Cite

Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods. OPEN ACCESSSymmetry 2015, 7 1177

show abstract

Section: Performance Evaluation and Comparisonmentioning

confidence: 90%

Section: Performance Evaluation and Comparisonmentioning

confidence: 99%

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Shahzad

Lee

et al. 2015

Symmetry

View full text Add to dashboard Cite

show abstract

“…Due to the evolution of technology, the advanced version of DNP3 provides interconnectivity over the Internet; the information travels through non-proprietary protocols, which reside below DNP3 [5,19]. Due to open connectivity, DNP3 has been vulnerable to Internet attacks; most DNP3 devices are configured, and communicate without any proper authentication mechanism or have little protection in the SCADA network against vulnerabilities [23][24][25][26][27][28][29][30]. Cryptography based security mechanisms [31] have been proposed for DNP3 by DNP3 users group, in which symmetric and asymmetric methods are defined and a detailed description of challenge-response technique is made to examine the security goals (or parameters), such as authentication and integrity, and to protect the transmission against attacks, such as replay, spoofing, and modification attacks [8,32,33], at the application layer.…”

Section: Background Studymentioning

confidence: 99%

“…Therefore, DNP3 frames are encapsulated in other security protocols including TLS/SSL and IPSec. A survey has been conducted on SCADA/DNP3 vulnerabilities [24][25][26][27]31], and mechanisms [32][33][34], such as anomaly detection and attacks detection, are used to detect the attacks, such as flooding attacks, DoSattack, spoofing, data modification, data reply, and man-in-the-middle attack, in SCADA/DNP3 communication [12,33,35,36]. A number of attacks is investigated [20,33,[35][36][37][38][39][40] by employing attack scenarios in the SCADA/DNP3 system, and the existence and potential influence of attacks are also measured.…”

Section: Background Studymentioning

confidence: 99%

“…SCADA security via cryptography mechanisms has been considered as a vital approach during transmission [19][20][21][22]. On the other hand, cryptography based approaches are deemed to be complex and heavy computational approaches during security design and development-especially, in industrial processing [8,10,19,[22][23][24][25]. The proposed study has analyzed the cryptography approaches, and then, employed the inclusive security solution in DNP3 which significantly increased the security of the SCADA system.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

et al. 2015

View full text Add to dashboard Cite

Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security OPEN ACCESSSymmetry 2015, 7 1946 computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications.

show abstract

Securing industrial control system environments: the missing piece

Ani

Daniel²,

Oladipo

et al. 2018

Journal of Cyber Security Technology

View full text Add to dashboard Cite

Cyber-attacks on Industrial Control Systems (ICS) are no longer matters of anticipation. Industrial infrastructures are continually being targeted by malicious cyber actors with very little resistance on their paths. From network breaches to data theft, denial of service attacks to privilege escalation; command and control functions have in some way been exerted on targeted industrial systems. Safety, security, resilience, reliability and performance require private industrial control system user organizations and the public sector to device strategies and steps towards dealing decisively to these emerging and increasing ICS cyber security concerns. There are already couple security solutions proposed by governments, private organizations, academia, and industries for achieving this goal. This discourse reviews the ICS security risk landscape, current security strategies and solutions with a view to discovering the gaps or weaknesses in the effective mitigation of cyber-attacks, and the enhancement of cyber security. Notable fissures in existing ICS security solutions include: greater emphasis on technology security while discounting other critical bits like people and processes, which is clearly incongruent with emerging security threats and attack trends, the unilateral dimension strategy towards security which focuses more on SCADA systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions include approaches that follow similar evolutionary patterns as the problem trend. These include cyber security measures that would embrace constant evolution in response to changes in the threat, vulnerabilities, attacks, and impact domains. Solutions that recognise and capture; people, process, and technology security enhancement into a single system entity with holistic provisioning that can meet all three-entity vulnerabilities for a more secured ICS environment.

show abstract

SCADA System Security, Complexity, and Security Proof

Cited by 7 publications

References 10 publications

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

Securing industrial control system environments: the missing piece

Contact Info

Product

Resources

About