1 Introduction

In a SCADA (supervisory control and data acquisition) system, a number of field devices are remotely connected to a main controller. At the control center, a human machine interface (HMI) with a high-definition display visualizes the overall communication and performs the data acquisition and operations of the SCADA system. The HMI is the main means by which end users or operators manage and control the field devices from the control center. Data acquisition and control information are usually visualized graphically, which is convenient for the SCADA operator [7, 25, 39, 42]: each end user can view the system processing and information as mimic diagrams and simulation designs [25, 39].

In simulation designs [7, 25, 28, 39], the whole SCADA system is presented graphically to the operators in the HMI. For example, in a water pumping system the water levels are monitored using sensors. If the water level in a tank is high or low, the sensors report the status, and that status is visualized at the same time on the HMI at the control center. When a number of sensors or other field devices are configured in the SCADA system and generate input/output points, the points of each device are presented separately in the integrated HMI.

In a SCADA system the nodes (or field devices) are connected to a main controller, and communication is usually initiated and controlled by the main controller. This type of communication is designated an unbalanced system, in which only the main controller is authorized to initiate communication. The distributed network protocol (DNP3), which is designed as a balanced system [7, 42], provides advanced characteristics and flexibility: each node within the SCADA hierarchical network is authorized to initiate communication as primary (main controller), with the others acting as secondary (sub-controllers). In a balanced system all configured nodes in the SCADA network are treated equally, and each node has the right to initiate communication. The terms unbalanced and balanced have created confusion at the data link layer of the DNP3 protocol: at the data link layer it is difficult to identify which station is primary or secondary when every node has equal rights in a balanced system. Primary and secondary stations are, however, distinguished at the application layer of DNP3. The data link layer provides reliable communication between the recipients in a SCADA system. At the data link layer up to 65536 addresses are provided, and the range FFF0–FFFF is designated for broadcast communication [7, 42]. Message broadcasting is an important aspect of a SCADA/DNP3 system, and addresses are usually assigned logically to each participating node during SCADA broadcasting (transmission). Security is one of the major challenges in broadcasting, because the initial design of the DNP3 protocol had no security concerns; a security mechanism is therefore required that is able to provide protection [8, 9, 21, 24, 44].

A new trusted solution has been implemented in SCADA systems over TCP/IP protocols without accounting for the performance impact [24, 28]. That research reviews the underlying security threats and gives recommendations for SCADA systems such as intranet use, security system requirements, security system implementation (including active, passive, half-active and tunnel modes) and secure system applications. Several challenges have been identified for SCADA broadcasting security, such as user authentication, access control, information interception or modification, and internet security [8, 9, 17, 21], and potential cyber-attacks on SCADA broadcast transmission have been analyzed, such as unauthorized access, modification, denial of service, eavesdropping, information leakage, masquerade, sniffers, repudiation, data alteration and others [10, 18, 26, 40]. As a result, security, access availability and reliability are the most important performance factors required of a SCADA system and must be achieved while it is connected to open networks [24, 28]. The proposed study therefore reviews the importance of message broadcasting in unbalanced system connectivity over the internet and subsequently deploys an inclusive cryptographic solution to overcome the security issues commonly found in SCADA systems [9, 21, 28, 32, 44].

Contribution

This study follows the unbalanced-system concept of the DNP3 protocol: the main controller is authorized to initiate the transmission and transmits the message to the connected nodes in the SCADA system. Using this unbalanced-system behaviour, a new security development is made for the SCADA/DNP3 broadcasting system.

2 Problem statement

Broadcast communication is a main concern of SCADA (supervisory control and data acquisition) systems. In many situations the main controller transmits a message to each and every sub-controller connected in the SCADA system(s). The message may be of any type, such as a communication initiation, a command, an alert alarm or file information [7]. In broadcast transmission, security is a big issue faced by SCADA systems such as electric stations, water pumping systems, waste water systems and the oil and gas industries [7, 28, 33, 42]. Several security solutions have been employed to secure SCADA systems, but they have several dependencies and are limited to unicast communication [28, 34, 41]. Cryptography-based security solutions are regarded as the best approach for SCADA security enhancement, without any dependency on other protocols [12, 13, 22, 28].

On the other hand, security developments via cryptographic techniques present a real challenge in the case of SCADA broadcast communication, because such implementations are usually ponderous in terms of key generation and distribution, with a complex mathematical workflow [28, 38]. So an optimized cryptography-based security solution is required that significantly secures SCADA broadcast communication without a performance impact. In the proposed implementation, an inclusive cryptographic security mechanism is selected with the broadcasting aspects in mind, and it significantly enhances SCADA security during message broadcasting.

Research objectives

The main objective of this study is threefold:

  i. A DNP3 stack is designed and security is deployed before broadcasting to open networks.

  ii. A new cryptography dynamic buffer (CDB) is employed, which keeps and tracks the information of the protocol bytes and the security development.

  iii. A SCADA/DNP3 testbed is designed to perform the experiments and to compute the security results for evaluation. Formal proofs are employed that validate the proposed security development.

3 Simulation model and design

In the simulation, a SCADA water pumping system is designed; information is collected through sensors and delivered to the sub-controllers. In the system, water is collected from a main storage tank and distributed to a local storage tank by a motor-driven pump. A level sensor attached directly to the local storage checks the water level inside the local storage (or tank), and a pressure sensor checks the water pressure (incoming/outgoing) inside the pipes. If the water level matches the set points of the main controller, then a heating or cooling operation is performed. If the water in the local storage is low, the sub-controller deactivates the pumping operations and activates the water pump to fill the local storage according to the set points.

The main controller sets the points (transmits the bytes), and the remote units (RUs) act on the instructions according to the set points [33]. Typically, remote units (RUs) are connected to the sensors, which are configured to send information relating to the pumping system [28, 44]. In this study the word ‘simulation’ refers to the water pumping system, which takes information from the sensors controlled by a remote unit (RU), while each RU receives and transmits information from/to the main controller. The word ‘testbed’ refers to the detailed configuration and connectivity between the main controller and the remote units (RUs). Figure 1 shows the water pumping system with its sensor connectivity.

Fig. 1 Simulation design of water pumping system

The overall interaction between the main controller and the sub-controllers is specified by the DNP3 protocol, which uses a non-proprietary transport such as UDP (user datagram protocol) to communicate over the internet [31]. In transmission, DNP3 acts as the upper layer, standing above UDP [31, 34]; that is, DNP3 frames are encapsulated in UDP packets and then transmitted over the internet. Upon receipt, the sub-controllers respond to the main controller via TCP/IP protocols; this transmission is usually one-to-one (unicast) [28]. At the main controller side, the human machine interface (HMI) keeps and monitors the information of each sub-controller, and the collected information is simultaneously stored in the historian or database [28, 31]. In this study the historian is deployed in MySQL and the DNP3 model is designed and deployed in C#.

3.1 DNP3 modeling and security development

In this section we explain the basic terminology of the DNP3 protocol message structure, the basic byte flow in the stack, the security development and its formal proof, with corresponding examples.

DNP3 is a layered open protocol based on the enhanced performance architecture (EPA) model, which has three layers in its stack: application layer, data link layer and physical layer. DNP3 adds an additional layer, the pseudo-transport layer, which performs limited functions of the transport and network layers of the OSI (open system interconnection) model [7, 42].

Figure 2 shows the DNP3 model design, in which the protocol bytes are constructed and security is deployed and tested as an additional step at each layer of the DNP3 protocol. The physical layer is not considered, because DNP3 frames are encapsulated directly in the UDP protocol, which provides the services to connect to remote devices over the internet.

Fig. 2 DNP3 stack model and design

Random user bytes are passed from the human machine interface (HMI) (or user application layer) to the application layer of the stack, where they are arranged into blocks called application service data units (ASDUs). Header bytes are added to the ASDU(s) to form the application protocol data unit (APDU). The size of an ASDU block is not fixed, but each APDU is limited to 1990/1992 bytes for send/response messages respectively. Each ASDU block contains two main subfields, the object header and the data objects; the object header field contains 3–11 bytes and is further divided into three subfields: object (O), qualifier (Q) and range (R). More detail on the object header is given in Table 1; the acronyms are not exactly those defined by the original DNP3 documentation [7, 28].

Table 1 Object header fields

Two types of message are defined at the application layer: a send message from the main controller and a response message from the sub-controller(s). The messages are distinguished by the header field, or application protocol control information (APCI): a send message header contains two one-byte fields, application control (AC) and function code (FC), while two additional bytes, the internal indications (IIN), are carried in the response header [7, 28].

In the APCI, a number of function codes specify the meaning of a send message or a response message. The application layer function codes and the related fields of send/response messages are as follows [7]:

In Table 2, the security bytes IE, EE, 1A and EE are sample bytes indicating the security development of the application layer message. In other words, these bytes represent security codes which ensure that security has been deployed and should be tested at the other (receiver) side. Bytes shown as ‘XX’ are bytes not placed in the command (or message). The shaded area shows the padding bytes, which ensure that the bytes are constructed with the security development within the boundary of the application layer stack.

Table 2 Function codes, fields and security bytes

The application layer (APDU) bytes are treated as user bytes in the pseudo-transport layer. In other words, the APDU bytes are assembled as transport service data unit (TSDU) bytes in the pseudo-transport layer and subdivided into fixed-size data blocks, each limited to 249 bytes. A one-byte header field, the transport protocol control information (TPCI), is added to each data block to form a transport protocol data unit (TPDU). At the receiving side the TPCI is stripped from each data block and the TSDU bytes are reassembled for use at the application layer. The keyword ‘pseudo’ marks that this transport layer performs only limited functions of the transport and network layers of the OSI seven-layer model.

Each TPDU is limited to 250 bytes and is assembled as a link service data unit (LSDU) in the data link layer of DNP3. The link header field, or link protocol control information (LPCI), contains 10 bytes and is added to the LSDU to make the link protocol data unit (LPDU), or frame. In the link layer each frame is limited to 260 bytes, plus 32 bytes of cyclic redundancy check (CRC). In this research, however, the CRC bytes are treated as optional, or are utilized in the cryptography dynamic buffer (CDB) when needed [28, 40].

The data link layer sets up the logical connection between sender and receiver and keeps message (or data) communication reliable over the physical channel. In the LPCI, 2 bytes each are allocated to the source and destination addresses, which define 65536 distinct addresses; the range FFF0–FFFF is designated for broadcast communication. The terms balanced and unbalanced system are also specified at the data link layer. In a balanced system each node, whether main controller or sub-controller(s), can initiate communication. In this research an unbalanced system is employed; therefore only the main controller is authorized to initiate communication, and the sub-controllers respond accordingly. A number of function codes are defined in the LPCI that perform initialization and test the logical connectivity between the main controller and the sub-controller(s) [7]. Some link layer function codes and their descriptions are listed in Table 3.

Table 3 Link layer function codes [7]

  • Algorithm: byte flow within the DNP3 stack. A logical ‘n’ bytes are broadcast from the main controller to the remote units (RUs). The bytes are constructed and manipulated in the SCADA/DNP3 protocol (stack) and then encapsulated in the UDP protocol of the internet protocol suite, which defines how the DNP3 protocol frames are transmitted to the destination address.

    • 1: Compute the application layer message as X f(D, H): ‘X’ bytes are received from the user application layer and function ‘f’ is performed to compute the data bytes and header bytes.

      $$ {f}_1\to \mathrm{Comp}\left(\mathrm{D},\mathrm{H}\right),\kern0.5em {f}_1\in f $$

      Here the computed bytes $f_1 \to \mathrm{Comp}(\mathrm{D})$ are the application service data unit (ASDU) bytes, and the application protocol control information (APCI) bytes $f_1 \to \mathrm{Comp}(\mathrm{H})$ are added to form the application protocol data unit (APDU). Each APDU is limited to 1992 bytes.

      $$ =\sum_{k=0}^n{\left[\mathrm{Comp}\left(\mathrm{D}\right),\mathrm{Comp}\left(\mathrm{H}\right)\right]}^n $$

      Fragment = APDU = APCI+ ASDU

      Request: APCI or header = 1 byte (AC) + 1 byte (FC) = 2 bytes

      Response: APCI = 1 byte (AC) + 1 byte (FC) + 2 bytes (IIN) = 4 bytes

      Application Control (AC):

      [FIR, FIN, CON, SEQ Number] // Application Control Field

      [FIR, FIN, CON, MU/RU Timeout] // Application Flow Control

      Function Code (FC): Code = ‘0’ is used for confirmation and other detail codes are depicted in Table 2.

      Some flow sequences follow which show the general message (or byte) transactions in the format [FIR, FIN, CON, SEQ Number], i.e. [first APDU, final APDU, confirmation, sequence]. These flows are optional and are given to explain the basic message transactions of the DNP3 protocol.

      • Flow 1: Single APDU request from MU to RU without confirmation:

        Master application control = MU_AC [1, 1, 0, 9] // Request sent to RU without confirmation

        If the RU sends a response to the MU request, then

        Master application control = MU_AC [1, 1, 0, 9] // Confirmation from MU

      • Flow 2: Single APDU request from MU to RU with confirmation:

        Master application control = MU_AC [1, 1, 1, 9] // Request sent to RU with confirmation

        If the RU sends a response to the MU request, then

        Master application control = MU_AC [1, 1, 0, 9] // Confirmation from MU

      • Flow 3: Single APDU request from MU to RU and multiple APDUs in response from RU to MU, without confirmation:

        Master application control = MU_AC [1, 1, 0, 5] // Request sent to RU without confirmation

        RU sends response to MU: requested APDU 1

        Master application control = MU_AC [1, 1, 0, 5] // Confirmation from MU

        RU sends response to MU: requested APDU 2

        Master application control = MU_AC [1, 1, 0, 6] // Confirmation from MU

      • Flow 4: Single APDU request from MU to RU and multiple APDUs in response from RU to MU, with confirmation:

        Master application control = MU_AC [1, 1, 1, 5] // Request sent to RU with confirmation

        RU sends confirmation to MU.

        RU sends response to MU: requested APDU 1

        Master application control = MU_AC [1, 1, 0, 5] // Confirmation from MU

        RU sends response to MU: requested APDU 2

        Master application control = MU_AC [1, 1, 0, 6] // Confirmation from MU

      After construction of the application protocol data unit (APDU) bytes, with or without the confirmation bit, control passes from the application layer to the lower layers of the SCADA/DNP3 protocol.

    • 2: Compute the pseudo-transport message as Q f(D, BH): the ‘Q’ bytes of the application layer are assembled and function ‘f’ is performed to compute the data bytes (D), data blocks (B) and header bytes (H).

      The APDU bytes received from the application layer are assembled as TSDU bytes (data bytes); in other words, the APDU bytes map directly onto the TSDU bytes.

      $$ {f}_2\to \left(\mathrm{Q}\to \mathrm{D}\right) $$

      The TSDU bytes are distributed over a number of data blocks (B), each of 249 bytes.

      $$ \mathrm{D}\sim \mathrm{B}\left({b}_0,{b}_1,{b}_2,\ldots ,{b}_n\right)\kern0.5em \mathrm{and}\kern0.5em {f}_2\to \mathrm{Comp}\left(\mathrm{B},\mathrm{H}\right),\kern0.5em {f}_2\in f $$

      Here the computed bytes $f_2 \to \mathrm{Comp}(\mathrm{B})$ are the data blocks, and the transport protocol control information (TPCI) bytes $f_2 \to \mathrm{Comp}(\mathrm{H})$ are added to form the transport protocol data unit (TPDU). Each TPDU is limited to 250 bytes.

      $$ =\sum_{k=0}^i{\left[\mathrm{Comp}\left(\mathrm{B}\right),\mathrm{Comp}\left(\mathrm{H}\right)\right]}^i $$

    • 3: Compute the data link layer message as J f(D, H): a maximum of ‘J’ bytes are received from the pseudo-transport layer and assembled as user bytes, and function ‘f’ is performed to compute the data bytes (D) and header bytes (H).

      $$ {f}_3\to \mathrm{Comp}\left(\mathrm{D},\mathrm{H}\right),\kern0.5em {f}_3\in f $$

      Here the computed bytes $f_3 \to \mathrm{Comp}(\mathrm{D})$ are the link service data unit (LSDU) bytes, and the link protocol control information (LPCI) bytes $f_3 \to \mathrm{Comp}(\mathrm{H})$ are added to form the link protocol data unit (LPDU). Each LPDU is limited to 260 bytes, plus optional CRC bytes.

      $$ =\sum_{k=0}^l{\left[\mathrm{Comp}\left(\mathrm{D}\right),\mathrm{Comp}\left(\mathrm{H}\right)\right]}^l $$

      Link Protocol Data Unit (LPDU) = LPCI+ LSDU = 292 bytes

      LPCI (Link protocol control information) or header = 2 bytes (Start) + 1 byte (Length) + 1 byte (Control) + 2 bytes (Destination Address) + 2 bytes (Source Address) + 2 bytes (CRC, optional) = 10 bytes

      LSDU (Link Service Data Unit) or Data bytes = 250 byte

      Subsequently, the data link layer frames are encapsulated in the internet protocol suite in place of the original physical layer of DNP3. The functions $f_0, f_1, f_2, f_3 \in f$, where $f_0$ is employed for special purposes such as testing byte status and performing byte padding.

      More precisely, we conducted some tests to check the DNP3 protocol stack byte flow during request and response messages using a protocol test harness [43]. More detail is visualized in the following screenshots, Figs. 3 and 4.

      Fig. 3 Request bytes flow of DNP3 protocol [43]

      Fig. 4 Response bytes flow of DNP3 protocol
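The three steps above (APDU, TPDU, LPDU) carried through in runnable form, both the sender's construction and the receiver's strip-and-check path. This is an added example written for this page, not the paper's C# model: the AC and TPCI bit layouts, the 0x05 0x64 start octets, the CRC-16/DNP parameters and the link length-field convention are assumptions taken from the DNP3 standard rather than from the text, and block-level CRCs are omitted because the page treats them as optional. The page's size limits (APDU 1992 bytes, block 249, TPDU/LSDU 250, LPCI 10, broadcast range FFF0–FFFF) are applied as stated.

```python
"""Added example: DNP3 byte flow (steps 1-3) with the page's size limits.
Assumed, not from the page: AC/TPCI bit layouts, start octets 0x0564,
CRC-16/DNP parameters and the link length-field convention."""
import struct
from typing import List, Optional, Tuple

APDU_MAX = 1992          # page: APDU limited to 1992 bytes
TSDU_BLOCK = 249         # page: pseudo-transport block size
LSDU_MAX = 250           # page: TPDU / LSDU limited to 250 bytes
LPCI_LEN = 10            # page: start(2)+length(1)+control(1)+dest(2)+src(2)+crc(2)
START = b"\x05\x64"      # assumption: standard DNP3 start octets
BCAST_MIN, BCAST_MAX = 0xFFF0, 0xFFFF   # page: broadcast address range


def app_control(fir: int, fin: int, con: int, seq: int) -> int:
    """Pack [FIR, FIN, CON, SEQ Number] into the 1-byte AC field.
    Assumed layout: FIR=0x80, FIN=0x40, CON=0x20, SEQ in the low 4 bits."""
    if not 0 <= seq <= 15:
        raise ValueError("SEQ must fit in 4 bits")
    return (0x80 if fir else 0) | (0x40 if fin else 0) | (0x20 if con else 0) | seq


def build_apdu(fc: int, asdu: bytes, ac: int, iin: Optional[int] = None) -> bytes:
    """Step 1: APDU = APCI + ASDU. Request APCI = AC + FC (2 bytes);
    a response APCI carries 2 extra IIN bytes (4 bytes)."""
    apci = bytes([ac, fc]) + (struct.pack("<H", iin) if iin is not None else b"")
    apdu = apci + asdu
    if len(apdu) > APDU_MAX:
        raise ValueError(f"APDU of {len(apdu)} bytes exceeds {APDU_MAX}")
    return apdu


def fragment_tsdu(apdu: bytes) -> List[bytes]:
    """Step 2: TSDU -> blocks of <=249 bytes, each prefixed by a 1-byte TPCI.
    Assumed TPCI layout: FIN=0x80, FIR=0x40, SEQ in the low 6 bits."""
    blocks = [apdu[i:i + TSDU_BLOCK] for i in range(0, len(apdu), TSDU_BLOCK)] or [b""]
    last = len(blocks) - 1
    return [bytes([(0x40 if i == 0 else 0) | (0x80 if i == last else 0) | (i & 0x3F)]) + blk
            for i, blk in enumerate(blocks)]


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0x3D65 (0xA6BC), result inverted (assumed parameters)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_lpdu(lsdu: bytes, dest: int, src: int, control: int = 0xC4) -> bytes:
    """Step 3: LPDU = LPCI (10 bytes) + LSDU (<=250 bytes); block CRCs omitted (page: optional)."""
    if len(lsdu) > LSDU_MAX:
        raise ValueError(f"LSDU of {len(lsdu)} bytes exceeds {LSDU_MAX}")
    head = START + bytes([5 + len(lsdu), control]) + struct.pack("<HH", dest, src)
    return head + struct.pack("<H", crc16_dnp(head)) + lsdu


def parse_lpdu(frame: bytes) -> Tuple[int, int, bytes]:
    """Receiver, step 3: check start octets, header CRC and length field; strip the LPCI."""
    if len(frame) < LPCI_LEN or frame[:2] != START:
        raise ValueError("bad start octets")
    head, (crc,) = frame[:8], struct.unpack("<H", frame[8:10])
    if crc != crc16_dnp(head):
        raise ValueError("LPCI CRC mismatch")
    length, _control, dest, src = struct.unpack("<BBHH", frame[2:8])
    lsdu = frame[LPCI_LEN:]
    if length != 5 + len(lsdu):
        raise ValueError("length field disagrees with LSDU size")
    return dest, src, lsdu


def reassemble_tsdu(tpdus: List[bytes]) -> bytes:
    """Receiver, step 2: check FIR/FIN/SEQ continuity, strip the TPCI, rebuild the APDU."""
    out = bytearray()
    last = len(tpdus) - 1
    for i, tpdu in enumerate(tpdus):
        want = (0x40 if i == 0 else 0) | (0x80 if i == last else 0) | (i & 0x3F)
        if tpdu[0] != want:
            raise ValueError(f"unexpected TPCI 0x{tpdu[0]:02x} at block {i}")
        out += tpdu[1:]
    return bytes(out)


def broadcast_frames(fc: int, asdu: bytes, src: int, dest: int = 0xFFFF,
                     con: int = 0, seq: int = 0) -> List[bytes]:
    """Main controller side: one APDU -> TPDUs -> LPDUs addressed to the broadcast range."""
    if not BCAST_MIN <= dest <= BCAST_MAX:
        raise ValueError("destination outside broadcast range FFF0-FFFF")
    apdu = build_apdu(fc, asdu, app_control(1, 1, con, seq))
    return [build_lpdu(tpdu, dest, src) for tpdu in fragment_tsdu(apdu)]


def receive_frames(frames: List[bytes]) -> Tuple[int, int, bytes]:
    """Remote unit side: the reverse path, returning (dest, src, APDU)."""
    parsed = [parse_lpdu(f) for f in frames]
    return parsed[0][0], parsed[0][1], reassemble_tsdu([p[2] for p in parsed])
```

A 600-byte ASDU becomes a 602-byte APDU, which fragments into blocks of 249, 249 and 104 bytes and yields frames of 260, 260 and 115 bytes; the receiver rejects a frame whose header CRC or length field does not match, which is the only integrity check the plain protocol offers before the security bytes of Section 3.3 are added.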

In the following sections, security is implemented within the DNP3 protocol stack, a new inclusive scenario is designed to visualize and represent the logical bytes of the DNP3 stack together with the security bytes, and in the last section the cryptography dynamic buffer (CDB) is employed, which keeps the information of the whole security development.

3.2 New DNP3 stack design and bytes representation

In Fig. 5 a new detailed DNP3 logical stack is designed which shows the byte flow from the upper layer to the lower layer and vice versa, including the security implementation bytes. A logical 48 bytes are shown in the application layer buffer, representing the constructed bytes: user bytes, application layer header bytes and cryptography bytes (security implementation bytes). These bytes are placed in rows RW0 to RW9 and columns ‘CL0’ to ‘CLn’ with corresponding offsets; ‘n’ is the total number of bytes across the columns, while the number of rows is fixed (RW0 to RW9). Usually the request or response bytes are placed in the application layer and distinguished by the header bytes, and the communication flows as unicast. During broadcasting of bytes from the main controller to several receivers, an address from the range FFF0–FFFF is placed in the link layer header fields (source address field and destination address field), depending on the network setup [7, 40]. The cases that occur during the logical communication of the application layer from sender to receiver and vice versa, plus the pseudo-transport layer and data link layer flows, are as follows:

Fig. 5 DNP3 protocol stack with CDB

The APDU bytes are constructed in the application layer with the security implementation and then passed to the lower layer for further processing [7, 28]. The shaded bytes throughout the DNP3 stack represent padding bytes, the bytes ‘xx,xx,xx,…’ are allocated to the CDB, and the bytes in row 9 at offset 0x0100 are reserved for special cases or future development. More detail on the byte representation is given in Table 4.

Table 4 DNP3 stack bytes representation

The proposed study aims to secure the SCADA/DNP3 broadcasting system using a cryptographic mechanism. In cryptography [28, 38], a public key encryption flow is not appropriate for broadcast communication; the main reasons identified by this study are the number of keys to generate, key distribution and key utilization [19, 47]. Therefore this study uses symmetric and hashing algorithms to enhance the security of the SCADA/DNP3 system during byte broadcasting from the main controller to the remote units (RUs).

3.3 Security implementation

Two security developments are made to observe the level of security during SCADA/DNP3 broadcast transmission, designated S-bed1 and S-bed2. In S-bed1, 3-way hashing is computed, meaning that SHA-2 is deployed at each layer (application layer, pseudo-transport layer and data link layer of DNP3), and symmetric encryption using the AES algorithm is deployed at the application layer. In S-bed2, the 3-way hashing function is again deployed at each layer (application, pseudo-transport and data link), and symmetric encryption is deployed at both the application layer and the data link layer. More detail on the security developments is illustrated in Fig. 6, while Table 5 lists the cryptographic algorithms selected at each layer of the DNP3 stack; the shaded area shows the absence of a security implementation (symmetric encryption).

Fig. 6 Security developments

Table 5 Security selection in DNP3 stack

Significance

The security developments S-bed1 and S-bed2 are tested in the SCADA/DNP3 testbed setup (network setup) illustrated in Fig. 8. Subsequently, in Fig. 10, the number of RUs is increased to sixteen with an additional router ‘R4’ and switch ‘S3’, to check the level of security as traffic increases.

Proof (Security Development and message broadcasting)

The set BR = (1, 2, 3, …, n−1, n) is the set of recipients R which have received the broadcast message ‘M’ from the main controller ‘C’. The number of recipients in set ‘BR’ is static and ‘n’ is generated by controller ‘C’, such that

$X^f \wedge Q^f \wedge J^f \subseteq M^f$, which are constructed in the DNP3 stack through function ‘f’.

$$ \underset{E,H}{\kern0.28em \Longleftrightarrow \kern0.28em }\exists :\forall {\mu}^{AL}\left(f:\mathrm{X}\right)\wedge \exists :\forall {\alpha}^{TL}\left(f:\mathrm{Q}\right)\wedge \exists :\forall {\beta}^{DL}\left(f:J\right)\subseteq {\mathrm{M}}^f\wedge \left(\mu, \alpha, \beta \right)\in f $$

The functions μ, α and β are security computing functions which perform the encryption (E) and hashing (H).

  • Bytes Broadcast:

    $$ \forall {\mu}_{\left(E,H\right)}^{AL}:f\left\{{\displaystyle \sum_i^k}{\mu}^{AL}\left(f:\mathrm{X}\right)\right\}\Rightarrow \forall {\alpha}_{(H)}^{TL}:f\left\{{\displaystyle {\sum}_i^k{\alpha}^{TL}}\left(f:Q\right)\right\}\Rightarrow \forall {\beta}_{(H)}^{DL}:f\left\{{\displaystyle \sum_i^k}{\beta}^{DL}\left(f:J\right)\right\}\in {\mathrm{M}}^f\left|\right|CDB:\mathrm{B}R\left({\mathrm{R}}_{\left(i\dots ..,\ n-1,\ n\right)}\ \right) $$
    (1)
  • Bytes Received: Direct Function

    $$ \forall {\beta}_{(H)}^{DL}:f\left\{{\displaystyle \sum_i^k}{\beta}^{DL}\left(f:J\right)\right\}\Rightarrow \forall {\alpha}_{(H)}^{TL}:f\left\{{\displaystyle {\sum}_i^k{\alpha}^{TL}}\left(f:Q\right)\right\}\Rightarrow \forall {\mu}_{\left(E,H\right)}^{AL}:f\left\{{\displaystyle {\sum}_i^k{\mu}^{AL}}\left(f:X\right)\right\}\in {\mathrm{M}}^f\left|\right|CDB $$
    (2)
  • Bytes Received: Indirect Function. Eq. (2) ⟹

    $$ \mathrm{R}:\ {f}_n:{j}_{f_{\to }{f}_n}^{DL}\left\{{f}_r:{j}_{HB}\left(f:{j}_{UB}^{DL},f:{j}_{CRC}^{DL}\right)\right\}\Rightarrow \mathrm{R}:{f}_n:{j}_{f_{\to }{f}_n}^{DL}\left({j}_{UB}^{DL}\right)\in {\mathrm{M}}^f\left|\right|CDB $$
    (2.1)
    $$ \mathrm{R}:\ {f}_n:{Q}_{f_{\to }{f}_n}^{TL}\left\{{f}_r:{\mathrm{Q}}_{HB}\left(f:{Q}_{UB}^{TL}\right)\right\}\Rightarrow \mathrm{R}:{f}_n:{Q}_{f_{\to }{f}_n}^{TL}\left({Q}_{UB}^{TL}\right)\in {\mathrm{M}}^f\left|\right|CDB $$
    (2.2)
    $$ \mathrm{R}:\ {f}_n:{\mu}_{f_{\to }{f}_n}^{AL}\left\{{f}_r:{\mu}_{HB}\left(f:{\mu}_{UB}^{AL}\right)\right\}\Rightarrow \mathrm{R}:\ {f}_n:{\mu}_{f_{\to }{f}_n}^{AL}\left({\mu}_{UB}^{AL}\right)\in {\mathrm{M}}^f\left|\right|CDB $$
    (2.3)

    Splitting of the header bytes ‘HB’ from the user bytes ‘UB’ within each layer of the DNP3 stack; subsequently the bytes are utilized at the upper layer. Here ‘i’ represents the total number of bytes generated within the stack with limit ‘k’, and ‘CDB’ shows the number of bytes utilized during security deployment. If the optional confirmation bit is set in the broadcast message, each recipient replies by one-to-one (unicast) communication.

3.4 Cryptography dynamic buffer

In Fig. 4, the cryptography dynamic buffer (CDB) contains a number of fields, including source address, destination broadcast addresses, cryptography key sequence, cryptography (bytes), dynamic storage (bytes), option (bytes), padding (dynamic bytes), acknowledgment, non-critical (bytes), critical (bytes) and solution (select method) [40]. The CDB keeps track of the security in proper sequence and stores and monitors the overall information of the stack and the security development. The CDB occupies 56 bytes of the application layer stack; the remaining 1992 bytes are constructed as application protocol data unit (APDU) bytes, which are further utilized in the lower layer(s) of DNP3. More detail on the CDB fields is given in Table 6.

Table 6 CDB fields and description

The performance measurements in Fig. 7 show that the CDB space is sufficient for the security development and the related information storage, even when the maximum number of bytes has been received from the application layer.

Fig. 7 CDB bytes allocation and utilization
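The two security developments of Section 3.3 and the CDB record of Section 3.4, as an added example written for this page rather than the paper's implementation. It takes Table 5 as a per-layer list of E (encrypt) and H (hash) operations, applies them top-down as in Eq. (1) and checks them bottom-up as in Eq. (2), and keeps a small CDB-style record of what each layer added. Assumptions: the SHA-2 hash is taken as HMAC-SHA256 with a per-layer key (an unkeyed digest can be recomputed by whoever modifies the bytes, so it detects faults but not tampering); the paper's AES is replaced by an HMAC-SHA256 counter-mode keystream so the block runs on the standard library only; the keys and the sample message are constructed.

```python
"""Added example: S-bed1 / S-bed2 layered security with a CDB-style record.
Assumed: SHA-2 realised as keyed HMAC-SHA256, a keystream stand-in for AES,
one key per layer, constructed keys and message."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

DIGEST = 32                         # SHA-256 digest length
NONCE = 16                          # per-message nonce prepended by encrypt()
LAYERS = ("AL", "TL", "DL")         # application, pseudo-transport, data link (top-down)

# Table 5 restated as configuration (constructed from the text): E = encrypt, H = hash
S_BED1 = {"AL": "EH", "TL": "H", "DL": "H"}
S_BED2 = {"AL": "EH", "TL": "H", "DL": "EH"}


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in for the paper's AES: HMAC-SHA256 in counter mode. Chosen only to keep the
    example dependency-free; a deployment would use AES-CTR/GCM from a crypto library."""
    out = bytearray()
    for ctr in range((n + DIGEST - 1) // DIGEST):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:n])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE], blob[NONCE:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def layer_tag(key: bytes, layer: str, data: bytes) -> bytes:
    """Keyed SHA-256 over the layer's bytes. The key is what makes the digest an integrity
    check rather than a checksum; the layer name is bound in so a TL tag cannot pass as a DL tag."""
    return hmac.new(key, layer.encode() + data, hashlib.sha256).digest()


def protect(sbed: Dict[str, str], keys: Dict[str, bytes], user_bytes: bytes) -> Tuple[bytes, dict]:
    """Sender: apply each layer's E then H from AL down to DL, Eq. (1).
    Returns the link-layer bytes and a CDB-style record of what was applied."""
    data = user_bytes
    cdb = {"sbed": sbed, "layers": []}
    for layer in LAYERS:
        ops = sbed[layer]
        if "E" in ops:
            data = encrypt(keys[layer], data)
        if "H" in ops:
            data += layer_tag(keys[layer], layer, data)
        cdb["layers"].append((layer, ops, len(data)))   # bytes present after this layer
    return data, cdb


def unprotect(sbed: Dict[str, str], keys: Dict[str, bytes],
              frame: bytes) -> Tuple[Optional[bytes], Optional[str]]:
    """Receiver: verify and strip from DL up to AL, Eq. (2). Returns (user_bytes, None) or,
    at the first failed check, (None, layer) so the failing layer can be logged."""
    data = frame
    for layer in reversed(LAYERS):
        ops = sbed[layer]
        if "H" in ops:
            body, got = data[:-DIGEST], data[-DIGEST:]
            if not hmac.compare_digest(got, layer_tag(keys[layer], layer, body)):
                return None, layer
            data = body
        if "E" in ops:
            data = decrypt(keys[layer], data)
    return data, None


def overhead(sbed: Dict[str, str]) -> int:
    """Security bytes added per message under a configuration (nonce and/or tag per layer)."""
    return sum((NONCE if "E" in ops else 0) + (DIGEST if "H" in ops else 0)
               for ops in sbed.values())
```

The layer name returned by unprotect() on failure is what a per-layer detection count, as in Section 5, would be built from; overhead() shows the cost of the difference between the two developments (S-bed2 adds a nonce at the data link layer that S-bed1 does not), and in S-bed1 the bytes between the application-layer ciphertext and the link-layer tag travel in clear, which is the property the page connects to the higher confidentiality-attack count.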

4 Testbed configuration and setup

In the SCADA testbed in Fig. 8, eight remote units (RUs) are employed, which are indirectly connected with the physical environment through direct access to the sensors of the water pumping system. Four remote units (RUs) are located in station 1 and the remaining RUs in station 2, and all are monitored and controlled from the main controller side. The main controller is the superior node in the SCADA network; it is designed and configured to control and send supervisory commands to the designated remote units (RUs) [28, 31]. In station 1, the remote units RU1, RU2, RU3 and RU4 are connected to switch ‘S1’; in station 2, the remote units RU5, RU6, RU7 and RU8 are connected to switch ‘S2’. The main controller initiates the transmission and broadcasts the message (or command) to each station via router ‘R1’, which is configured to reach the designated routers 2 and 3. This study follows a static structure for the SCADA/DNP3 broadcasting system, in which the remote units (RUs) are defined and known in advance and are registered at the main controller side. Since dynamic entry of an RU is restricted, a man-in-the-middle attack cannot succeed in the broadcast communication [3, 14, 29]. Figure 9 shows views of the SCADA lab where the measurements are conducted.

Fig. 8 SCADA/DNP3 testbed configuration and setup

Fig. 9 SCADA lab views

In Fig. 10, the remote units (RUs) are increased to sixteen. The additional eight remote units, RU9, RU10, RU11, RU12, RU13, RU14, RU15 and RU16, are located in station 3 via switch ‘S3’ and router ‘R4’, and are statically configured and/or updated at the main controller side or in the routing table of router ‘R1’.

Fig. 10 SCADA/DNP3 testbed nodes increased

Two security developments have been made for SCADA broadcast communication following the scenarios of Figs. 8 and 10; the short names S-bed1 and S-bed2 are assigned to them.

5 Performance measurement and analysis

In Table 7, the attacks, including authentication attacks (guessing the shared key, brute force and password guessing), integrity attacks (frame injection, data replay and data deletion) and confidentiality attacks (eavesdropping, key cracking and man-in-the-middle), are launched using attack tools: cracking tools, sniffer, dsniff, winsniffer and a password dictionary for authentication attacks; airpwn, file2air, dinject/reinject, capture and injection tools, and jamming and injection tools for integrity attacks; and ethereal, ettercap, kismet, aircrack, airsnort, dsniff and ettercap for confidentiality attacks. These interrupt or change the normal flow of SCADA broadcast transmission (or harm the SCADA broadcast traffic) [12, 28, 31]. The attack tools are employed as potential attackers on the SCADA/DNP3 broadcasting system, to change the normal sequence of communication between the main controller and the remote units (RUs). The performance observed during these abnormal scenarios validates the security implementation and also assesses the security attained relative to the attack impact; attack impact percentages were measured on the basis of attack detection percentages in the broadcasting system. For example, some attacks were detected but their influence (impact) was minimal or equivalent to zero, so these attacks are not counted in the total attack detection percentages.

Table 7 Performance measurement and evaluation

In the performance results of Fig. 11, attack detection is 15 percent, attack impact on the system is 7 percent, and the security attained is approximately 93 percent, which validates the proposed security implementation. In the performance results of Fig. 12, on the other hand, the attack detection and impact percentages decrease to 8 percent and 3 percent, and the security attained increases to 97 percent in the SCADA/DNP3 broadcasting system. The larger number of authentication and confidentiality attacks in S-bed1 is due to the absence of symmetric encryption at the data link layer, which accounts for the performance difference between the S-bed1 and S-bed2 measurements.
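As an added illustration of the accounting rule used above (it is not code from the paper), the following Go program computes detection, impact and attained-security percentages over a set of attack trials. The trials are constructed here so that the totals reproduce the S-bed1 figures (15 percent detected, 7 percent impact); the split across attack categories, the 0..1 impact scale, and the reading that security attained equals 100 minus impact (which the reported pairs 7/93 and 3/97 satisfy) are assumptions of this example.

```go
package main

import "fmt"

// AttackTrial is one constructed attack attempt against the broadcasting
// testbed. Category follows the paper's grouping (authentication, integrity,
// confidentiality). Detected records whether the security layer flagged the
// attempt, and Impact is the observed disturbance of the broadcast flow on an
// assumed 0..1 scale, where 0 means the attempt changed nothing.
type AttackTrial struct {
	Category string
	Detected bool
	Impact   float64
}

// Summary holds the three figures the paper reports per testbed.
type Summary struct {
	DetectionPct float64
	ImpactPct    float64
	SecurityPct  float64
}

// Summarize applies the accounting rule described in the text: the impact
// percentage counts only detected attempts whose impact is non-zero, so a
// detected attempt with no effect raises detection but not impact. Security
// attained is taken as 100 minus impact, the relation the reported pairs
// (7 -> 93, 3 -> 97) satisfy; that reading is an assumption of this example.
func Summarize(trials []AttackTrial) Summary {
	if len(trials) == 0 {
		return Summary{SecurityPct: 100}
	}
	detected, impacting := 0, 0
	for _, t := range trials {
		if !t.Detected {
			continue
		}
		detected++
		if t.Impact > 0 {
			impacting++
		}
	}
	n := float64(len(trials))
	s := Summary{
		DetectionPct: 100 * float64(detected) / n,
		ImpactPct:    100 * float64(impacting) / n,
	}
	s.SecurityPct = 100 - s.ImpactPct
	return s
}

// PerCategory gives the same figures broken down by attack category, which
// shows where a testbed loses most of its security margin.
func PerCategory(trials []AttackTrial) map[string]Summary {
	groups := map[string][]AttackTrial{}
	for _, t := range trials {
		groups[t.Category] = append(groups[t.Category], t)
	}
	out := map[string]Summary{}
	for cat, ts := range groups {
		out[cat] = Summarize(ts)
	}
	return out
}

// SampleTrials builds 100 constructed attempts whose totals (15 detected,
// 7 with impact) reproduce the S-bed1 figures quoted in the text; the split
// across categories is invented for illustration.
func SampleTrials() []AttackTrial {
	var trials []AttackTrial
	add := func(cat string, n, detected, impacting int) {
		for i := 0; i < n; i++ {
			t := AttackTrial{Category: cat, Detected: i < detected}
			if i < impacting { // impacting attempts are a subset of detected ones
				t.Impact = 0.5
			}
			trials = append(trials, t)
		}
	}
	add("authentication", 40, 7, 4)
	add("integrity", 30, 3, 1)
	add("confidentiality", 30, 5, 2)
	return trials
}

func main() {
	trials := SampleTrials()
	fmt.Printf("overall: %+v\n", Summarize(trials))
	for cat, s := range PerCategory(trials) {
		fmt.Printf("%-16s %+v\n", cat, s)
	}
}
```

The per-category breakdown is the useful part for a defender: with the constructed split, the authentication category carries most of the impact, which is consistent with the text's remark that S-bed1 lacks symmetric encryption at the data link layer.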

Fig. 11 S-bed1: attack detection

Fig. 12 S-bed2: attack detection

In the performance results of Fig. 13, the network traffic is increased and the experiment is repeated 100 times to measure the security level during abnormal communication. The results show that the level of security decreases as the number of network nodes within the SCADA/DNP3 testbed increases. Nevertheless, this study also shows a significant security enhancement in comparison with existing works [1, 46, 11, 23, 27, 30, 32].

Fig. 13 S-bed2: attack detection during nodes increased

6 Related study

Four field devices are employed to conduct the experiments. The master station, or ‘merging unit (MU)’, sends messages to the remote station or substation at a rate of 960 Hz. On receipt of a message at the remote station, the intelligent electronic device (IED) collects the data and sends a response back to the master station through the remote station. If the IED detects any intrusion or anomaly during transmission, a ‘GOOSE message’ is transmitted back to the master station, and further processing (of actuator functions) depends on the master station's acknowledgment. Accordingly, message authentication, confidentiality and integrity mechanisms are deployed between the master station and the remote station, using the Advanced Encryption Standard (AES) 256, HMAC and MD5 as the cryptographic primitives [2, 22, 35]. The IEC 61850 standard is used to simulate the SCADA communication between the field devices, and the cryptographic solutions are deployed for message security. The performance overhead of the encryption and decryption operations is also calculated [16, 36, 45].

Traditionally, control systems were designed without security in mind and emphasized physical security only. Nowadays, a large number of developments relevant to SCADA security are conducted, such as firewalls, DMZs, and key encryption and distribution solutions, but these developments are based on end-to-end message delivery [20, 28]. Schweitzer Engineering Laboratories, Inc. reviews several existing security developments and then proposes an inclusive security solution for the SCADA electric industry, in which cryptography-based solutions are suggested as the best approach to SCADA system security. The research paper [13] provides a detailed review of cryptographic algorithms, their implementation, the advantages and disadvantages of cryptographic solutions, and the major attacks that create vulnerabilities in SCADA communication [33, 34, 46].

In one approach, a message is encrypted at the master station and transmitted to all remote stations within the SCADA network. On receipt, each remote station performs the decryption process using asymmetric keys. This approach is infeasible because the same message is encrypted many times and all stations are required to generate public and private keys during SCADA broadcasting communication [38]. In another study, the master station generates multiple packets and encrypts each packet with the public key of the corresponding remote station, but this solution requires much time and also impacts performance. A hash function provides an integrity mechanism and a safety measure against attacks such as data replay, data modification, and data deletion. The master station generates the hash digest of the message that is being transmitted to the remote stations and encrypts the hash digest with its private key; this function acts as a digital signature [28, 34]. On receipt, each remote station uses the master's public key to decrypt the digest. This verifies the message and establishes that it is secure and that no unauthorized entity (or attacker) was involved during transmission. The encryption and hash functions are placed at each end of the IEC 61850 protocol message header in order to achieve the security goals of authentication and integrity within SCADA communication [15, 22, 37, 45].
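The signed-broadcast pattern described above (master signs a digest once, every remote station verifies with the master's public key) can be shown in a few dozen lines. The following Go program is an added example, not code from the paper or from any of the cited works: it uses Ed25519 from the Go standard library in place of the unspecified signature algorithm, binds a sequence number into the signed digest so that a captured frame cannot be replayed, and reports exactly which check a bad frame fails. The frame layout, the station names and the payloads are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Broadcast is one signed frame from the master station to every remote unit.
// Seq is a monotonically increasing counter that lets receivers reject replayed
// frames; Sig is the master's signature over SHA-256(seq || payload).
type Broadcast struct {
	Seq     uint32
	Payload []byte
	Sig     []byte
}

// digest binds the sequence number to the payload, so a captured payload
// cannot be re-sent under a different counter value with the old signature.
func digest(seq uint32, payload []byte) []byte {
	h := sha256.New()
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], seq)
	h.Write(b[:])
	h.Write(payload)
	return h.Sum(nil)
}

// Master holds the private signing key. It signs once per broadcast, no matter
// how many remote units receive the frame, which is what makes the scheme cheap
// compared with encrypting the same message once per station.
type Master struct {
	priv ed25519.PrivateKey
	seq  uint32
}

func NewMaster() (*Master, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Master{priv: priv}, nil
}

func (m *Master) Public() ed25519.PublicKey { return m.priv.Public().(ed25519.PublicKey) }

// Send increments the counter and signs the frame.
func (m *Master) Send(payload []byte) Broadcast {
	m.seq++
	p := append([]byte(nil), payload...)
	return Broadcast{Seq: m.seq, Payload: p, Sig: ed25519.Sign(m.priv, digest(m.seq, p))}
}

var (
	ErrBadSignature = errors.New("signature check failed: frame modified or not from master")
	ErrReplay       = errors.New("sequence not newer than last accepted frame: replay")
)

// RemoteUnit holds only the master's public key and the last accepted counter.
type RemoteUnit struct {
	ID      string
	pub     ed25519.PublicKey
	lastSeq uint32
}

func NewRemoteUnit(id string, pub ed25519.PublicKey) *RemoteUnit {
	return &RemoteUnit{ID: id, pub: pub}
}

// Receive verifies the signature before looking at the counter, so an
// unsigned frame can never advance the unit's replay window.
func (r *RemoteUnit) Receive(b Broadcast) error {
	if !ed25519.Verify(r.pub, digest(b.Seq, b.Payload), b.Sig) {
		return ErrBadSignature
	}
	if b.Seq <= r.lastSeq {
		return ErrReplay
	}
	r.lastSeq = b.Seq
	return nil
}

func main() {
	m, err := NewMaster()
	if err != nil {
		panic(err)
	}
	rus := []*RemoteUnit{NewRemoteUnit("RU1", m.Public()), NewRemoteUnit("RU2", m.Public())}
	frame := m.Send([]byte("constructed payload: read inputs"))
	for _, ru := range rus {
		fmt.Printf("%s first delivery: %v\n", ru.ID, ru.Receive(frame))
		fmt.Printf("%s replayed frame: %v\n", ru.ID, ru.Receive(frame))
	}
	tampered := m.Send([]byte("constructed payload: set output"))
	tampered.Payload[0] ^= 0x01
	fmt.Printf("RU1 tampered frame: %v\n", rus[0].Receive(tampered))
}
```

Two design points follow from the text. First, the remote units never hold a private key, so adding RU9 to RU16 as in Fig. 10 costs the master nothing beyond distributing one public key. Second, a signature gives authentication and integrity only; the confidentiality attacks listed in Table 7 still need the symmetric encryption at the data link layer that distinguishes S-bed2 from S-bed1.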

7 Conclusion and future work

Security is a main concern in information technology (IT), and many security mechanisms are available, but they are limited in their design and development for secure SCADA broadcasting systems and are not commonly available for traditional systems. In this study, an inclusive development was made that secures the SCADA/DNP3 broadcasting system, together with a performance evaluation and validation of the security, measured under abnormal communication. The performance results conclude that the level of security of the SCADA/DNP3 broadcasting system is successfully enhanced when the proposed inclusive security is implemented within the SCADA/DNP3 protocol before the protocol bytes are transmitted over open protocols or networks.

In future work, the proposed inclusive security solution will be deployed and tested in a real environment in which hundreds of SCADA nodes are interconnected with the main controller and/or several sub-controllers are interconnected with the main controller, similar to distributed computing. The proposed security development is limited in that it does not contribute to other security parameters, such as non-repudiation. In cryptography, the digital signature algorithm is available and is considered the best approach for achieving non-repudiation for sensitive information. Therefore, a digital signature algorithm will be deployed to keep the SCADA/DNP3 broadcasting system secure against non-repudiation attacks.