Abstract
The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.
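The abstract names four properties the augmented protocol adds to Modbus: integrity, authentication, non-repudiation and anti-replay. To make concrete what a Modbus/TCP frame carrying those guarantees involves, the following is an added example written for this page; it is not the paper's implementation and makes its own assumptions about the envelope. It builds a standard MBAP header plus PDU, wraps it with a sender timestamp, a per-sender sequence number and an RSA-PSS/SHA-256 signature over all three (non-repudiation requires an asymmetric signature, so a keyed MAC would not do; the choice of PSS and SHA-256 is the example's), and verifies it on the receiving side. The envelope field layout, the names `BuildModbusTCP`, `SignFrame`, `Verifier` and the clock-skew window are all hypothetical; the Write Single Coil request is constructed sample input.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// BuildModbusTCP returns a plain Modbus/TCP frame: the 7-byte MBAP header
// (transaction id, protocol id 0, length, unit id) followed by the PDU
// (function code + data). Nothing in it is authenticated.
func BuildModbusTCP(txID uint16, unitID, fc byte, data []byte) []byte {
	pdu := append([]byte{fc}, data...)
	frame := make([]byte, 7, 7+len(pdu))
	binary.BigEndian.PutUint16(frame[0:2], txID)
	binary.BigEndian.PutUint16(frame[2:4], 0)                  // protocol id: 0 = Modbus
	binary.BigEndian.PutUint16(frame[4:6], uint16(1+len(pdu))) // unit id + PDU length
	frame[6] = unitID
	return append(frame, pdu...)
}

// SecureFrame is the assumed secure envelope (an assumption of this example,
// not the paper's wire format): original frame, sender timestamp in ms,
// per-sender strictly increasing sequence number, RSA-PSS signature over all three.
type SecureFrame struct {
	Frame []byte
	TS    int64
	Seq   uint64
	Sig   []byte
}

// digest binds frame, timestamp and sequence number into one SHA-256 value
// so the signature covers every field the verifier relies on.
func digest(frame []byte, ts int64, seq uint64) []byte {
	h := sha256.New()
	h.Write(frame)
	var b [16]byte
	binary.BigEndian.PutUint64(b[0:8], uint64(ts))
	binary.BigEndian.PutUint64(b[8:16], seq)
	h.Write(b[:])
	return h.Sum(nil)
}

// NewKeyPair generates the master's signing key (2048-bit RSA, chosen for the example).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignFrame is the master side: sign frame||ts||seq with the master's private key.
func SignFrame(priv *rsa.PrivateKey, frame []byte, ts int64, seq uint64) (SecureFrame, error) {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(frame, ts, seq), nil)
	if err != nil {
		return SecureFrame{}, err
	}
	return SecureFrame{Frame: frame, TS: ts, Seq: seq, Sig: sig}, nil
}

var (
	ErrStale        = errors.New("timestamp outside acceptance window")
	ErrReplay       = errors.New("sequence number already seen: replay")
	ErrBadSignature = errors.New("signature verification failed")
)

// Verifier is the slave-side state for one master: its public key, the clock
// skew tolerated (ms) and the highest sequence number accepted so far.
type Verifier struct {
	pub     *rsa.PublicKey
	skewMs  int64
	lastSeq uint64
}

func NewVerifier(pub *rsa.PublicKey, skewMs int64) *Verifier {
	return &Verifier{pub: pub, skewMs: skewMs}
}

// Verify runs the cheap freshness and replay checks first, then the signature,
// and only then advances the replay state, so an unauthenticated frame can
// never move it.
func (v *Verifier) Verify(sf SecureFrame, nowMs int64) error {
	d := nowMs - sf.TS
	if d < 0 {
		d = -d
	}
	if d > v.skewMs {
		return ErrStale
	}
	if sf.Seq <= v.lastSeq {
		return ErrReplay
	}
	if err := rsa.VerifyPSS(v.pub, crypto.SHA256, digest(sf.Frame, sf.TS, sf.Seq), sf.Sig, nil); err != nil {
		return ErrBadSignature
	}
	v.lastSeq = sf.Seq
	return nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	v := NewVerifier(&priv.PublicKey, 5000)
	// Constructed request: Write Single Coil (FC 05), coil 0x0010, value ON (0xFF00).
	frame := BuildModbusTCP(1, 1, 0x05, []byte{0x00, 0x10, 0xFF, 0x00})
	sf, _ := SignFrame(priv, frame, 1000000, 1)
	fmt.Println("fresh:   ", v.Verify(sf, 1000200))
	fmt.Println("replayed:", v.Verify(sf, 1000300))
	tampered := sf
	tampered.Seq = 2
	tampered.Frame = BuildModbusTCP(1, 1, 0x05, []byte{0x00, 0x10, 0x00, 0x00}) // coil OFF
	fmt.Println("tampered:", v.Verify(tampered, 1000300))
}
```

The sequence number, not the timestamp, is what stops replay: a timestamp alone forces the verifier to refuse two legitimate frames that fall within its clock resolution, while the window still bounds how long a captured frame stays usable if the counter state is lost. Replay state is advanced only after the signature checks out, otherwise an attacker could push `lastSeq` forward with unsigned frames and lock out the real master. Key distribution and per-master state on the slave are left out, as the abstract does not describe them.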
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Fovino, I.N., Carcano, A., Masera, M., Trombetta, A. (2009). Design and Implementation of a Secure Modbus Protocol. In: Palmer, C., Shenoi, S. (eds) Critical Infrastructure Protection III. ICCIP 2009. IFIP Advances in Information and Communication Technology, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04798-5_6
DOI: https://doi.org/10.1007/978-3-642-04798-5_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04797-8
Online ISBN: 978-3-642-04798-5
eBook Packages: Computer Science (R0)