Advanced key management techniques with security enhanced SCADA system
MANOJ B C
[email protected]
Abstract- Modern industrial facilities have command and control systems. These industrial command and control systems are commonly called supervisory control and data acquisition (SCADA) systems. In the past, SCADA systems had a closed operating environment, so they were designed without security functionality. These days, as the demand for connecting SCADA systems to open networks increases, the security of SCADA systems has become an issue. In this paper we propose an advanced key management technique for a security-enhanced SCADA system. The advanced key management techniques, called ASKMA++ and LKH++, provide efficient broadcast communication. An advanced security mechanism (ASM) is also used here for security.
INTRODUCTION
Supervisory control and data-acquisition (SCADA) systems are the control systems of national infrastructures. In the past, SCADA systems were designed without security functionality because of their closed operating environment. However, the security of SCADA systems has become an issue as connection to open networks becomes more common. Any damage to a SCADA system can have a widespread negative effect on society, and SCADA systems can be vulnerable to a variety of attacks. Successful attacks on SCADA systems could have devastating consequences, such as endangering public health and safety [2]. To prevent such damage, several professional organizations have been researching the security of SCADA systems, and as a result of this research they have been developing several standards and reports. We provide a brief overview of this work and review the security requirements for SCADA systems based on the aforementioned standards and reports.

According to these security requirements, most SCADA systems require message broadcasting and secure communications. In this context, several key-management schemes have been suggested. ASKMA+ is a more efficient scheme that decreases the computational cost of multicast communication: it reduces the number of keys to be stored in a remote terminal unit (RTU) and provides multicast and broadcast communications.

Next, a vulnerability assessment framework is proposed to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. The method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system.

A probabilistic model is also proposed that offers a new direction in measuring survivability. The model solves the issues with current models by combining the formalism of Bayesian networks with information diversity. Service interdependencies are properly taken into account, and the information diversity metric is used to represent service behavior.

We review the constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of my work are two-fold. First, my scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high-power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low-power nodes (RTU) minimal.

We then present an innovative approach to the design of filtering systems based on state analysis of the system being monitored. The aim is to detect attacks composed of a set of SCADA commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks thanks to an internal representation of the controlled SCADA system.

Finally, this paper discusses the use of a communications network security device, called a trust system, to enhance SCADA security. The major goal of the trust system is to increase security with minimal impact on existing utility communication systems. A previous paper focused on the technical operation of the trust system by augmenting routers to protect User Datagram Protocol (UDP)-based traffic. This paper concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic.
Literature Survey
1) Efficient secure group communications for SCADA
This work proposed ASKMA+, a more efficient key-management scheme supporting efficient multicast communication by considering the number of keys to be stored in a remote terminal unit (RTU). SCADA systems have security vulnerabilities, and any fault in or damage to a SCADA system can affect society severely; thus, the study of SCADA system security is essential. Specifically, my study focuses on the key-management scheme to support data protection. Recently, in AKMA [1], the authors proposed an advanced key-management architecture for secure SCADA communication. They redefined the security requirements for a SCADA system, analyzed the previous key-management protocols, and proposed a new key-management scheme suitable for secure SCADA communications. While SKE and SKMA do not meet the security requirements, AKMA satisfies the security needs in that it supports message broadcasting and secure communications. Although the overall performance of ASKMA has many advantages compared to previous studies, it can be less efficient during the multicast communication process. Therefore, we proposed ASKMA+, which is more efficient and secure compared to existing schemes. ASKMA+ reduces the number of keys to be stored and provides multicast and broadcast communication for efficient and stable operation of SCADA systems.
2) Advanced key management architecture for secure SCADA communication
This work proposed an advanced key-management protocol for secure SCADA communications. Most SCADA systems require message broadcasting and secure communications. As we described in the previous paper, although the existing key-management schemes for SCADA systems provide secure unicast communications, these schemes do not support secure message broadcasting. Therefore, we propose a key-management protocol to support both message broadcasting and secure communications. The contributions of my work are two-fold. First, my scheme supports both message broadcasting and secure communications. Second, by evenly spreading much of the total amount of computation across high-power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low-power nodes (RTU) minimal.
3) Vulnerability assessment of cybersecurity for SCADA systems
The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. This capability is enabled by integrating a logic-based simulation method with a module for power flow computation. The IEEE 30-bus system is used to evaluate the impact of attacks launched from outside or from within the substation networks, and countermeasures are identified for improving cybersecurity. The emphasis of this research includes the three substation-level models for a cyber system. A lower password policy threshold leads to a lower probability of success for intrusion attempts. However, the drawback of a low threshold is that it may result in user account lockouts, which may well be caused by typographical errors from authorized users. Case studies in this research demonstrate variations of vulnerability indices with respect to attacks from insiders and outsiders and the effectiveness of a countermeasure. The proposed framework can be used as a planning tool that assists security analysts in identifying the bottleneck of the system where improvements are most effective. There is a lack of statistical information about intrusion attempts toward the power infrastructure. This limitation can be partially removed through future development of test beds for comprehensive evaluations. Test beds are powerful tools for the development and evaluation of mitigation and economic strategies.
4) Critical state based filtering system for securing SCADA network protocols
This work proposed a new approach to the analysis and filtering of malicious packets based on the concept of Critical State-Based Analysis, tailor-made for analyzing Modbus and DNP3 traffic and aimed at identifying complex attacks which might interfere with the state of the entire industrial installation. The technique is based on monitoring the evolution of the state of the protected system and on analyzing the command packets between the master and slaves of a SCADA architecture. Its key elements are the concept of a critical state and the observation that an attacker, in order to damage an industrial system, will have to move its state from secure to critical. Critical state validation, normally hard to apply in traditional ICT systems, finds its natural application in the industrial control field, where the critical states are generally well known and limited in number. Moreover, the introduction of the concept of critical state distance made it possible to extend the firewall features in the direction of a more complete early warning system. The results of tests conducted on a prototype implementing the described approach demonstrated the feasibility and validity of the proposed method.

This approach presents some advantages with respect to traditional filtering techniques: 1) since the network filtering is applied on the basis of the system evolution (something known) and not on the basis of the attack evolution (something unknown), for predefined critical states this approach also blocks “zero day attacks,” i.e., attacks based on unknown techniques; 2) the number of false positives is limited, since traffic is dropped only if the analyzed command would drive the system into a described critical state. There are only two cases in which there can be false positives or false negatives: the case in which a critical state has not been described (an error by whoever configured the firewall rules), or the case in which the real system and its virtual image are desynchronized (due to an error in the configuration of the auto-synchronization time between the real system and the virtual system). On the other hand, this technique, being conceived strictly to protect the SCADA devices, cannot protect against more traditional ICT attacks such as virus attacks on general-purpose ICT systems. For that reason, we see critical state-based filtering as a technique complementary to traditional firewall techniques, helping to enhance the security of these systems. Configuring the rule set is not cheap in terms of effort. However, to facilitate this process, we are planning to develop a self-discovery engine able to automatically learn the configuration of the system to be protected. Moreover, for the future, we are planning to conduct a more extended campaign of tests on real production systems.
5) A trust system architecture for SCADA network security
This work concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic. Specifically, it expands on previous work in the following ways: 1) the article summarizes major threats against SCADA systems; 2) it discusses new trust system implementations, which allow the trust system to be used with a wider array of network-enabled equipment; 3) it discusses key SCADA security issues in the literature and shows how the trust system responds to such issues; 4) it shows the impact of the trust system when widely prevalent TCP/IP network communication is used. The proposed trust system will comply with the strict requirements of the SCADA network while providing a secure environment. The trust system is flexible and can be implemented in whatever way best fits SCADA networks’ needs. It enforces access restrictions between IP addresses that should not be allowed to communicate with one another via specific message types and interfaces. The trust system, implemented in active mode, intercepts all malicious messages. The research shows that a more secure network can be established for the power grid using a trust system; the trust system is a step toward security for the utility network. In addition, a number of recommendations can be made in order to strengthen existing security. Strict access controls should be enforced, and only the minimum rights should be granted to an individual to accomplish their job. Passwords should be robust. Transmissions from RTUs, PLCs, and IEDs should be protected by digital certificates and digital signatures to prevent unauthorized users from intercepting the information or introducing false data into the SCADA system. Finally, cybersecurity needs to be a priority for system administrators. SCADA systems are of increasing interest to hackers and other unauthorized users, and increasing levels of communication and protocol standardization will only increase the seriousness of this threat. Administrators should take precautions including closing unnecessary communication ports, keeping system patches up to date, and keeping up to date on current computer security practices. The trust system in this article can serve as an aid in many of these recommendations, but administrators also need constant vigilance to protect their portions of the electric power grid.
6) A probabilistic model to predict the survivability of SCADA systems
This work proposed a probabilistic model that offers a new direction in measuring survivability. The proposed model solves the issues with current models by combining the formalism of Bayesian networks with information diversity. Service interdependencies are properly taken into account, and the information diversity metric is used to represent service behavior. In addition, the model is evaluated through a simulation of a SCADA system, where the entire process to construct and use the model is detailed. It is a survivability quantification model that takes into account service heterogeneity and interdependencies: a novel model that uses only network traffic to create a Bayesian network based on the data exchanged among services, automatically populates the Conditional Probability Tables (CPTs), and predicts the system survivability. A new metric, called information diversity, is used to analyse the system’s behavior, taking a different approach from current models that are based on performance metrics. By using the formalism of Bayesian networks, the proposed model is suitable for performing both prediction and diagnosis.

The paper proposed a survivability quantification model that takes into account service heterogeneity and interdependencies to compute the survivability of SCADA systems. The model uses network traffic to compute the information diversity score, which is used as a metric to define service states. The services are aggregated into a Bayesian network that is used to compute the final survivability score of the overall system. The paper presented new models for automatically building the network structure of Bayesian networks, and it also demonstrated how to use the Bayesian network to infer the survivability of SCADA systems. The proposed model uses a novel technique to determine service states based on information alone. The paper further demonstrated, through a case study, that by using a combination of information diversity and service interdependence one can probabilistically evaluate the survivability of SCADA systems under undesired events such as malicious attacks.

The proposed model has some limitations that will be addressed as future work. Currently, it does not handle systems that provide some type of feedback loop, as regular Bayesian networks do not support cycles. This issue will be fixed by replacing regular Bayesian networks with Dynamic Bayesian networks [3], [4], which can handle cyclic graphs through temporal discretization. The proposed model also does not handle disconnected graphs, in cases where the communication between services generates disconnected network structures; to overcome this issue, a heuristic that connects the network structures will be proposed. Finally, the limitation when a node (service) has too many parents, consequently generating huge CPTs, also needs to be addressed. To address this issue, a network traffic similarity heuristic will be used to combine parent nodes with similar traffic into one parent node, consequently decreasing the number of parents of the node. Another possibility that will be investigated is to replace the conditional probability tables with functions that represent the same distributions defined by the original probability tables.
Proposed Method
1) Efficient secure group communications for SCADA
Therefore, we propose ASKMA++, which is more efficient and secure compared to existing schemes. ASKMA++ reduces the number of keys to be stored and provides multicast and broadcast communication for efficient and stable operation of SCADA systems. This key management technique will increase the performance of the entire network. Using this key management technique, we are able to increase the performance of encryption algorithms like DES, RSA, etc.
2) Advanced key management architecture for secure SCADA communication
Therefore, we propose an advanced key-management architecture for secure SCADA communications. The contributions of my work are two-fold. First, our scheme supports both message broadcasting and secure communications. Second, by evenly spreading much of the total amount of computation across high-power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low-power nodes (RTU) minimal. The LKH++ protocol used here has a great advantage: it generates a new logical key hierarchy, and the performance of broadcasting can be improved by this tree structure.
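As an added illustration, not the ASKMA++ or LKH++ code of this paper or of the works it cites, the following Python shows why a logical key hierarchy keeps the per-RTU key count low and concentrates rekeying work on the MTU: each RTU is a leaf holding only the keys on its path to the root (the broadcast key), and revoking one RTU refreshes just that path with a handful of small messages. The binary tree layout, the toy XOR cipher standing in for a real AEAD, and the rekey message format are assumptions of this example.

```python
import hashlib
import os
from collections import namedtuple
from dataclasses import dataclass

KEY_LEN = 16
# target: node whose key is replaced; under: node whose already-held key wraps it
RekeyMessage = namedtuple("RekeyMessage", "target under nonce ciphertext")

def _xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy XOR stream cipher keyed by SHA-256(key || nonce), its own inverse:
    # a stand-in for an AEAD such as AES-GCM so the example runs offline.
    stream = hashlib.sha256(key + nonce).digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass
class LKHTree:
    """MTU-side key tree: node i has children 2i+1 and 2i+2; root 0 is the
    broadcast key; every RTU is a leaf holding only its leaf-to-root keys."""
    leaf_of: dict
    keys: dict

    @classmethod
    def build(cls, rtu_ids):
        depth = max(1, (len(rtu_ids) - 1).bit_length())  # smallest d: 2**d >= n
        first_leaf = 2 ** depth - 1
        leaf_of = {rtu: first_leaf + i for i, rtu in enumerate(rtu_ids)}
        keys = {i: os.urandom(KEY_LEN) for i in range(2 ** (depth + 1) - 1)}
        return cls(leaf_of, keys)

    def path(self, node):
        """Nodes from `node` up to the root, inclusive."""
        out = [node]
        while node > 0:
            node = (node - 1) // 2
            out.append(node)
        return out

    def keys_for(self, rtu):
        """What one RTU stores: the depth+1 keys on its path, not one per peer."""
        return {n: self.keys[n] for n in self.path(self.leaf_of[rtu])}

    def revoke(self, rtu):
        """Drop one RTU and replace every key it knew, wrapping each new key under
        the sibling subtree's untouched key and the on-path child's new key."""
        leaf = self.leaf_of.pop(rtu)
        msgs, prev = [], leaf
        for node in self.path(leaf)[1:]:           # parent ... root, bottom-up
            new_key = os.urandom(KEY_LEN)
            left, right = 2 * node + 1, 2 * node + 2
            off_path = right if prev == left else left
            msgs.append(self._wrap(node, new_key, off_path))
            if prev != leaf:                       # the revoked leaf gets nothing
                msgs.append(self._wrap(node, new_key, prev))
            self.keys[node] = new_key
            prev = node
        return msgs

    def _wrap(self, target, new_key, under):
        nonce = os.urandom(12)
        return RekeyMessage(target, under, nonce, _xor_cipher(self.keys[under], nonce, new_key))

def apply_rekey(held, msgs):
    """RTU side: unwrap each message sent under a key this RTU holds (bottom-up,
    so one unwrapped key may unwrap the next). Stale keys yield garbage."""
    held = dict(held)
    for m in msgs:
        if m.under in held:
            held[m.target] = _xor_cipher(held[m.under], m.nonce, m.ciphertext)
    return held

def demo(n=8, revoked="rtu3"):
    """Returns (keys stored per RTU, rekey messages sent, all survivors rekeyed)."""
    rtus = [f"rtu{i}" for i in range(n)]
    tree = LKHTree.build(rtus)
    stored = {r: tree.keys_for(r) for r in rtus}
    msgs = tree.revoke(revoked)
    ok = all(apply_rekey(stored[r], msgs)[0] == tree.keys[0] for r in rtus if r != revoked)
    return len(stored[rtus[0]]), len(msgs), ok
```

For eight RTUs each unit stores four keys and a revocation costs five rekey messages, against one key per peer and a message to every remaining unit under pairwise keying.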
3) Vulnerability assessment of cyber security for SCADA systems
There is a lack of statistical information about intrusion attempts toward the power infrastructure. This limitation can be partially removed through future development of test beds for comprehensive evaluations. Test beds are powerful tools for the development and evaluation of mitigation and economic strategies. Including additional firewalls at different access points of the network can improve the performance of the network.
4) Critical state based filtering system for securing SCADA network protocols
Two scenarios are considered: the scenario in which an attacker is able to inject malicious packets directly into the network segment between the proxy and the remote terminal unit, and the scenario in which both the proxy and the master have been corrupted and collaborate in order to damage the process network. These two can be eliminated by using advanced security enhancement. Additional passwords should be introduced between the proxy and the network terminal, and advanced security measures will be taken.
5) A trust system architecture for SCADA network security
This paper discusses the use of a communications network security device, called a trust system, to enhance supervisory control and data-acquisition (SCADA) security. The major goal of the trust system is to increase security with minimal impact on existing utility communication systems. A previous paper focused on the technical operation of the trust system by augmenting routers to protect User Datagram Protocol (UDP)-based traffic. This paper concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic. There are a number of recommendations that can be made in order to strengthen existing security. Strict access controls should be enforced, and only the minimum rights should be granted to an individual to accomplish their job. Passwords should be robust. Transmissions from RTUs, PLCs, and IEDs should be protected by digital certificates and digital signatures to prevent unauthorized users from intercepting the information or introducing false data into the SCADA system. Finally, cybersecurity needs to be a priority for system administrators. SCADA systems are of increasing interest to hackers and other unauthorized users. Increasing levels of communication and protocol standardization will only increase the seriousness of this threat. Administrators should take precautions including closing unnecessary communication ports, keeping system patches up to date, and keeping up to date on current computer security practices. The elements inside the trust system should be inspected every day.
6) A probabilistic model to predict the survivability of SCADA systems
The proposed model has some limitations that will be addressed as future work. Currently, it does not handle systems that provide some type of feedback loop, as regular Bayesian networks do not support cycles. This issue will be fixed by replacing regular Bayesian networks with Dynamic Bayesian networks [3], [4], which can handle cyclic graphs through temporal discretization. The proposed model also does not handle disconnected graphs, in cases where the communication between services generates disconnected network structures; to overcome this issue, a heuristic that connects the network structures will be proposed. Finally, the limitation when a node (service) has too many parents, consequently generating huge CPTs, also needs to be addressed. To address this issue, a network traffic similarity heuristic will be used to combine parent nodes with similar traffic into one parent node, consequently decreasing the number of parents of the node. Another possibility that will be investigated is to replace the conditional probability tables with functions that represent the same distributions defined by the original probability tables. A further option is to introduce a more efficient dynamic network, other than Bayesian networks, to handle feedback loops, cycles, etc.
Conclusion
SCADA systems have become commonplace in national infrastructures such as electric grids, water supplies, and pipelines. However, SCADA systems can be vulnerable to a variety of attacks, and if these systems are attacked by terrorists, the consequences can be devastating. To prevent such damage, several professional organizations have been researching the security of SCADA systems, but many security problems still remain. Among these security problems, this paper highlighted the key-management scheme for SCADA systems. The connection of industrial systems to the public network has introduced new security problems in a traditionally critical environment, and ICT security countermeasures are not able to completely protect such systems. SCADA networks are vulnerable to attack, whether from a digital source or a natural disaster. The proposed trust system will comply with the strict requirements of the SCADA network while providing a secure environment. The trust system is flexible and can be implemented in whatever way best fits SCADA networks’ needs. It enforces access restrictions between IP addresses that should not be allowed to communicate with one another via specific message types and interfaces. The trust system, implemented in active mode, intercepts all malicious messages. The research shows that a more secure network can be established for the power grid using a trust system. The trust system is a step toward security for the utility network.
References
[1] C. Ken, “A DNP3 Protocol Primer,” DNP Users Group, Mar. 2005. [Online]. Available: http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf
[2] “Critical Infrastructure Protection: Challenge And Efforts To Secure Control Systems,” GAO, Rep. no. GAO-04-354, 2004. [Online]. Available: http://www.gao.gov
[3] D. Koller and N. Friedman, Probabilistic Graphical Models: Principles and Techniques. Cambridge, MA, USA: MIT Press, 2009.
[4] M. Kafai and B. Bhanu, “Dynamic Bayesian networks for vehicle classification in video,” IEEE Trans. Ind. Inf., vol. 8, no. 1, pp. 100–109, Feb. 2012.
[5] Supervisory Control and Data Acquisition (SCADA) Systems, National Communications System, Technical Information Bulletin 04-1, 2004. [Online]. Available: http://www.ncs.gov/library/tech bulletins/2004/tib 04-1.pdf
[6] G. Ericsson, “Toward a framework for managing information security for an electric power utility—CIGRÉ experiences,” IEEE Trans. Power Del., vol. 22, no. 3, pp. 1461–1469, Jul. 2007.
[7] “Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid,” CNN U.S. Edition, 2007. [Online]. Available: http://www.cnn.com/2007/US/09/26/power.at.risk/index.html