Advanced key management techniques with security enhanced SCADA system
MANOJ B C
[email protected]

Abstract
Modern industrial facilities have command and control systems. These industrial command and control systems are commonly called supervisory control and data acquisition (SCADA) systems. In the past, SCADA systems ran in a closed operating environment, so they were designed without security functionality. Today, as the demand for connecting SCADA systems to open networks grows, SCADA system security has become an issue. In this paper we propose an advanced key management technique with a security enhanced SCADA system. The advanced key management technique, called ASKMA++ together with LKH++, supports efficient broadcast communication. An advanced security mechanism (ASM) is also used here for security.

INTRODUCTION
Supervisory control and data-acquisition (SCADA) systems are the control systems of national infrastructures. In the past, SCADA systems were designed without security functionality because of their closed operating environment. However, the security of SCADA systems has become an issue as connection to open networks becomes more common. Any damage to a SCADA system can have a widespread negative effect on society, and SCADA systems can be vulnerable to a variety of attacks. Successful attacks on SCADA systems could have devastating consequences, such as endangering public health and safety [2]. To prevent such damage, several professional organizations have been researching the security of SCADA systems and, as a result of this research, have been developing several standards and reports. We provide a brief overview of this work and review the security requirements for SCADA systems that are based on the aforementioned standards and reports.
According to these security requirements, most SCADA systems require message broadcasting and secure communications. In this context, several key-management schemes have been suggested. ASKMA+ is a more efficient scheme that decreases the computational cost of multicast communication: it reduces the number of keys to be stored in a remote terminal unit and provides multicast and broadcast communications. A vulnerability assessment framework has also been proposed to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. That method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today, and the impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. A probabilistic model offers a new direction in measuring survivability: it solves the issues with current models by combining the formalism of Bayesian networks with information diversity, so that service interdependencies are properly taken into account and the information diversity metric represents service behavior. This paper reviews the constraints and security requirements for SCADA systems and then investigates whether the existing key-management protocols for SCADA systems satisfy these requirements. Afterward, it proposes an advanced key-management architecture fitted for secure SCADA communications. The contributions of my work are two-fold. First, my scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) minimal. The paper then presents an innovative approach to the design of filtering systems based on state analysis of the system being monitored.
The aim is to detect attacks composed of a set of SCADA commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks thanks to an internal representation of the controlled SCADA system. This paper also discusses the use of a communications network security device, called a trust system, to enhance SCADA security. The major goal of the trust system is to increase security with minimal impact on existing utility communication systems. A previous paper focused on the technical operation of the trust system by augmenting routers to protect User Datagram Protocol (UDP)-based traffic. This paper concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic.

Literature Survey

1) Efficient secure group communications for SCADA
This work proposed ASKMA+, a more efficient key-management scheme that supports efficient multicast communication by considering the number of keys to be stored in a remote terminal unit (RTU). SCADA systems have security vulnerabilities, and any faults or damage to a SCADA system can affect society severely, so the study of SCADA system security is essential. Specifically, my study focuses on the key-management scheme to support data protection. Recently, in AKMA [1], the authors proposed an advanced key-management architecture for secure SCADA communication. They redefined the security requirements for a SCADA system, analyzed the previous key-management protocols, and proposed a new key-management scheme suitable for secure SCADA communications. While SKE and SKMA do not meet the security requirements, AKMA satisfies the security needs, in that it supports message broadcasting and secure communications.
Although the overall performance of ASKMA has many advantages compared to previous studies, it can be less efficient during the multicast communication process. Therefore, ASKMA+ was proposed, which is more efficient and secure compared to existing schemes. ASKMA+ reduces the number of keys to be stored and provides multicast and broadcast communication for efficient and stable operation of SCADA systems.

2) Advanced key management architecture for secure SCADA communication
This work proposed an advanced key-management protocol for secure SCADA communications. Most SCADA systems require message broadcasting and secure communications. Although the existing key-management schemes for SCADA systems provide secure unicast communications, they do not support secure message broadcasting. Therefore, a key-management protocol is proposed that supports both message broadcasting and secure communications. Moreover, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), the protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) minimal. In this paper, we proposed an advanced key-management architecture for secure SCADA communications. The contributions of my work are two-fold. First, my scheme supports both message broadcasting and secure communications. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) minimal.
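To make the key-hierarchy idea behind these schemes concrete, here is an added example (not code from this paper or from the AKMA/ASKMA authors) of a binary logical key hierarchy in Python: the MTU holds the whole tree, each RTU stores only the depth+1 keys on its leaf-to-root path, one encryption under the root key reaches every RTU (and one under an inner key reaches a SUB-MTU subgroup), and evicting an RTU refreshes the keys on its path with 2*depth - 1 rekey messages. The HMAC-based wrap, the node layout and the RTU names are assumptions of the example.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; an illustrative PRF wrap (assumption), not an AEAD."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def wrap(key, data):
    """Encrypt data under key as nonce || (data XOR keystream)."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def unwrap(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class LKHTree:
    """Binary logical key hierarchy kept by the MTU (heap layout: node 1 is the root
    and broadcast key, inner nodes act as SUB-MTU group keys, leaves n..2n-1 are RTUs)."""

    def __init__(self, rtu_ids):
        self.n = 1 << (len(rtu_ids) - 1).bit_length()   # leaves, rounded up to a power of two
        self.depth = self.n.bit_length() - 1
        self.leaf_of = {rid: self.n + i for i, rid in enumerate(rtu_ids)}
        self.keys = {}
        for leaf in self.leaf_of.values():              # key only nodes on some RTU's path
            for node in self._path(leaf):
                self.keys.setdefault(node, os.urandom(32))

    @staticmethod
    def _path(leaf):
        """Leaf up to root: exactly the depth+1 keys an RTU has to store."""
        path = []
        while leaf >= 1:
            path.append(leaf)
            leaf //= 2
        return path

    def keys_for(self, rtu_id):
        return {node: self.keys[node] for node in self._path(self.leaf_of[rtu_id])}

    def encrypt_to(self, node, data):
        """One encryption reaches a whole subtree: node 1 = broadcast, lower nodes = multicast."""
        return wrap(self.keys[node], data)

    def remove_rtu(self, rtu_id):
        """Evict an RTU: refresh every key on its path, bottom-up. Each message is
        (child_node, new parent key wrapped under child_node's current key)."""
        leaf = self.leaf_of.pop(rtu_id)
        del self.keys[leaf]
        msgs, node = [], leaf // 2
        while node >= 1:
            live = [c for c in (2 * node, 2 * node + 1) if c in self.keys]
            if live:                                    # refresh and deliver to surviving children
                self.keys[node] = os.urandom(32)
                msgs += [(c, wrap(self.keys[c], self.keys[node])) for c in live]
            else:                                       # subtree emptied: drop its key entirely
                self.keys.pop(node, None)
            node //= 2
        return msgs


def apply_rekey(rtu_keys, msgs):
    """RTU side: unwrap only the messages addressed to a key it holds. Messages arrive
    bottom-up, so the key recovered at one level unwraps the next one; an evicted RTU
    holds none of the fresh child keys and ends up with garbage, not the new root key."""
    for child, blob in msgs:
        if child in rtu_keys:
            rtu_keys[child // 2] = unwrap(rtu_keys[child], blob)
    return rtu_keys
```

With eight RTUs the tree has depth 3, so each RTU stores four keys and one eviction costs five rekey messages instead of one unicast per remaining RTU.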
3) Vulnerability assessment of cybersecurity for SCADA systems
The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. This capability is enabled by integrating a logic-based simulation method with a module for power flow computation. The IEEE 30-bus system is used to evaluate the impact of attacks launched from outside or from within the substation networks, and countermeasures are identified to improve cybersecurity. The emphasis of this research includes the three substation-level models for a cyber system. A lower password policy threshold leads to a lower probability of success for intrusion attempts; however, the drawback of a low threshold is that it may result in user account lockouts, which may well be caused by typographical errors from authorized users. Case studies in this research demonstrate variations of vulnerability indices with respect to attacks from inside and outside and the effectiveness of a countermeasure. The proposed framework can be used as a planning tool that helps security analysts identify the bottleneck of the system where improvements are most effective. There is a lack of statistical information about intrusion attempts toward the power infrastructure. This limitation can be partially removed through future development of test beds for comprehensive evaluations. Test beds are powerful tools for the development and evaluation of mitigation and economic strategies.

4) Critical state based filtering system for securing SCADA network protocols
This work proposed a new approach to the analysis and filtering of malicious packets based on the concept of Critical State-Based Analysis, tailor-made for analyzing Modbus and DNP3 traffic and aimed at identifying complex attacks which might interfere with the state of the entire industrial installation. The technique is based on monitoring the evolution of the state of the protected system and on analyzing the command packets exchanged between master and slaves of a SCADA architecture. Its key elements are the concept of critical state and the observation that an attacker, in order to damage an industrial system, will have to move its state from secure to critical. Critical state validation, normally hard to apply in traditional ICT systems, finds its natural application in the industrial control field, where the critical states are generally well known and limited in number. Moreover, the introduction of the concept of critical state distance allowed the firewall features to be extended in the direction of a more complete early warning system. The results of tests conducted on a prototype implementing the described approach demonstrated the feasibility and validity of the proposed method. This approach presents some advantages with respect to traditional filtering techniques:
1) Since the network filtering is applied on the basis of the system evolution (something known) and not on the basis of the attack evolution (something unknown), for predefined critical states this approach also blocks “zero day attacks,” i.e., attacks based on unknown techniques.
2) The number of false positives is limited, since traffic is dropped only if the analyzed command would drive the system into a described critical state.
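As an added illustration (not the cited prototype's code), the following Python sketch applies critical state-based analysis to Modbus single-write PDUs: the filter keeps a virtual image of the plant, predicts the state each write would produce, drops the command if that state matches a described critical state, commits the predicted state otherwise, and reports the critical state distance (number of unmet conditions of the nearest critical state) as the early warning. The heated-tank registers, the critical states and the resync call are constructed for the example.

```python
from copy import deepcopy

# Modbus function codes whose single writes change state; reads never alter the image.
WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER = 0x05, 0x06

# Constructed plant: a heated tank with two coils and two holding registers.
INLET_VALVE, OUTLET_PUMP = 1, 2           # coil addresses (assumed)
LEVEL_SETPOINT, HEATER_POWER = 100, 101   # holding register addresses (assumed)

# Critical states: every listed condition must hold for the state to be critical.
# Distance to a critical state = number of its conditions not yet satisfied.
CRITICAL_STATES = {
    "overpressure": [
        ("inlet valve open",   lambda s: s["coils"][INLET_VALVE]),
        ("outlet pump off",    lambda s: not s["coils"][OUTLET_PUMP]),
        ("heater above 80%",   lambda s: s["regs"][HEATER_POWER] > 80),
    ],
    "pump dry run": [
        ("outlet pump on",     lambda s: s["coils"][OUTLET_PUMP]),
        ("inlet valve closed", lambda s: not s["coils"][INLET_VALVE]),
        ("level setpoint 0",   lambda s: s["regs"][LEVEL_SETPOINT] == 0),
    ],
}


def initial_image():
    """Constructed starting image: inlet open, pump running, heater at 50%, setpoint 60."""
    return {"coils": {INLET_VALVE: True, OUTLET_PUMP: True},
            "regs": {LEVEL_SETPOINT: 60, HEATER_POWER: 50}}


def parse_pdu(pdu):
    """Decode a Modbus PDU: function code, then big-endian address and value for single writes."""
    fc = pdu[0]
    if fc in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER):
        return fc, int.from_bytes(pdu[1:3], "big"), int.from_bytes(pdu[3:5], "big")
    return fc, None, None


def apply_command(state, fc, addr, val):
    """Return the image the command would leave behind; the current image is untouched."""
    nxt = deepcopy(state)
    if fc == WRITE_SINGLE_COIL:
        nxt["coils"][addr] = (val == 0xFF00)   # Modbus encodes coil ON as 0xFF00, OFF as 0x0000
    elif fc == WRITE_SINGLE_REGISTER:
        nxt["regs"][addr] = val
    return nxt


def critical_distances(state):
    return {name: sum(1 for _, cond in conds if not cond(state))
            for name, conds in CRITICAL_STATES.items()}


class CriticalStateFilter:
    def __init__(self, image):
        self.image = image                     # virtual image of the real system

    def resync(self, polled_state):
        """Refresh the image from a poll of the real device so the two do not drift apart."""
        self.image = deepcopy(polled_state)

    def inspect(self, pdu):
        """Return (verdict, nearest critical state, distance); commit the image only if allowed."""
        fc, addr, val = parse_pdu(pdu)
        nxt = apply_command(self.image, fc, addr, val)
        name, dist = min(critical_distances(nxt).items(), key=lambda kv: kv[1])
        if dist == 0:
            return "DROP", name, dist          # the write would put the plant in a critical state
        self.image = nxt                       # licit in this state: track the predicted state
        return ("WARN" if dist == 1 else "ALLOW"), name, dist


if __name__ == "__main__":
    flt = CriticalStateFilter(initial_image())
    for pdu in (b"\x06\x00\x65\x00\x5a",      # heater power := 90 (licit alone, distance 1)
                b"\x05\x00\x02\x00\x00"):     # outlet pump OFF (licit alone, now critical)
        print(pdu.hex(), flt.inspect(pdu))
```

Each write in the sample is legitimate on its own; only the second one, evaluated against the state the first one produced, is dropped.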
There are only two cases in which false positives or false negatives can occur: the case in which a critical state has not been described (an error made by whoever configured the firewall rules), and the case in which the real system and its virtual image are desynchronized (eventually due to an error in the configuration of the auto synchronization time between the real system and the virtual system). On the other hand, this technique, being conceived to protect strictly the SCADA devices, cannot protect from more traditional ICT attacks such as virus attacks on general purpose ICT systems. For that reason, we see critical state-based filtering as a technique complementary to traditional firewall techniques, helping to enhance the security of these systems. Configuring the rule set is not cheap in terms of effort. However, to facilitate this process, we are planning to develop a self-discovery engine able to automatically learn the configuration of the system to be protected. Moreover, for the future, we are planning to conduct a more extended campaign of tests on real production systems.

5) A trust system architecture for SCADA network security
This work concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic. Specifically, it expands on previous work in the following ways:
1) it summarizes major threats against SCADA systems;
2) it discusses new trust system implementations, which allow the trust system to be used with a wider array of network-enabled equipment;
3) it discusses key SCADA security issues in the literature and shows how the trust system responds to such issues;
4) it shows the impact of the trust system when widely prevalent TCP/IP network communication is used.
The proposed trust system will comply with the strict requirements of the SCADA network while providing a secure environment.
The trust system is flexible and can be implemented in whatever way best fits SCADA networks’ needs. The trust system enforces access restrictions between IP addresses that should not be allowed to communicate with one another via specific message types and interfaces. The trust system, implemented in active mode, intercepts all malicious messages. The research shows that a more secure network can be established for the power grid using a trust system. The trust system is a step toward security for the utility network. In addition, a number of recommendations can be made in order to strengthen existing security. Strict access controls should be enforced, and only the minimum rights needed to accomplish their jobs should be granted to individuals. Passwords should be robust. Transmissions from RTUs, PLCs, and IEDs should be protected by digital certificates and digital signatures to prevent unauthorized users from intercepting the information or introducing false data into the SCADA system. Finally, cybersecurity needs to be a priority for system administrators. SCADA systems are of increasing interest to hackers and other unauthorized users, and increasing levels of communication and protocol standardization will only increase the seriousness of this threat. Administrators should take precautions including closing unnecessary communication ports, keeping system patches up to date, and keeping up to date on current computer security practices. The trust system in this article can serve as an aid to many of these recommendations, but administrators also need constant vigilance to protect their portions of the electric power grid.

6) A probabilistic model to predict the survivability of SCADA systems
This work proposed a probabilistic model that offers a new direction in measuring survivability. The proposed model solves the issues with current models by combining the formalism of Bayesian networks with information diversity.
Service interdependencies are properly taken into account and the information diversity metric is used to represent service behavior. In addition, the model is evaluated through a simulation of a SCADA system, where the entire process to construct and use the model is detailed. The contributions are: a survivability quantification model that takes into account service heterogeneity and interdependencies; a novel model that uses only network traffic to create a Bayesian network based on the data exchanged among services, automatically populates the Conditional Probability Tables (CPT) and predicts the system survivability; and a new metric, called information diversity, for analysing the system’s behavior, which takes a different approach from current models that are based on performance metrics. By using the formalism of Bayesian networks, the proposed model is suitable for both prediction and diagnosis. The proposed model uses network traffic to compute the information diversity score, which is used as a metric to define service states. The services are aggregated into a Bayesian network that is used to compute the final survivability score of the overall system. The work presented new models for automatically building the network structure of Bayesian networks, and it also demonstrated how to use the Bayesian network to infer the survivability of SCADA systems. The proposed model uses a novel technique to determine service states based on information alone. The paper further demonstrated, through a case study and by using a combination of information diversity and service interdependence, that one could probabilistically evaluate the survivability of SCADA systems under undesired events such as malicious attacks. The proposed model has some limitations that will be addressed as future work.
Currently, it does not handle systems that provide some type of feedback loop, as regular Bayesian networks do not support cycles. This issue will be fixed by replacing regular Bayesian networks with Dynamic Bayesian networks [3], [4], which can handle cyclic graphs through temporal discretization. The proposed model also does not handle disconnected graphs, in cases where the communication between services generates disconnected network structures; to overcome this issue, a heuristic that connects the network structures will be proposed. Finally, the limitation when a node (service) has too many parents, consequently generating huge CPTs, also needs to be addressed. To address this issue, a network traffic similarity heuristic will be used to combine parent nodes with similar traffic into one parent node, consequently decreasing the number of parents of the node. Another possibility that will be investigated is to replace the conditional probability tables with functions that represent the same distributions defined by the original probability tables.

Proposed Method

1) Efficient secure group communications for SCADA
Therefore, ASKMA++ is proposed, which is more efficient and secure compared to existing schemes. ASKMA++ reduces the number of keys to be stored and provides multicast and broadcast communication for efficient and stable operation of SCADA systems. This key management technique will increase the performance of the entire network. Using this key management technique we are able to increase the performance of encryption algorithms like DES, RSA, etc.

2) Advanced key management architecture for secure SCADA communication
Therefore, an advanced key-management architecture for secure SCADA communications is proposed. The contributions of my work are two-fold. First, our scheme supports both message broadcasting and secure communications.
Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) minimal. The LKH+++ protocol used here has a great advantage: it generates a new logical key hierarchy, and the performance of broadcasting can be improved by this tree structure.

3) Vulnerability assessment of cyber security for SCADA systems
There is a lack of statistical information about intrusion attempts toward the power infrastructure. This limitation can be partially removed through future development of test beds for comprehensive evaluations. Test beds are powerful tools for the development and evaluation of mitigation and economic strategies. Additional firewalls included at different access points of the network can improve the performance of the network.

4) Critical state based filtering system for securing SCADA network protocols
Two scenarios remain: the scenario in which an attacker is able to inject malicious packets directly into the network segment between the proxy and the remote terminal unit, and the scenario in which both the proxy and the master have been corrupted and collaborate in order to damage the process network. These two can be eliminated by using advanced security enhancement. Additional passwords should be introduced between proxy and network terminal, and advanced security measures will be taken.

5) A trust system architecture for SCADA network security
This paper discusses the use of a communications network security device, called a trust system, to enhance supervisory control and data-acquisition (SCADA) security. The major goal of the trust system is to increase security with minimal impact on existing utility communication systems. A previous paper focused on the technical operation of the trust system by augmenting routers to protect User Datagram Protocol (UDP)-based traffic. This paper concentrates on placing the trust system into a broader context, creates new trust system implementations to increase its flexibility, and demonstrates the trust system using TCP traffic. There are a number of recommendations that can be made in order to strengthen existing security. Strict access controls should be enforced, and only the minimum rights needed to accomplish their jobs should be granted to individuals. Passwords should be robust. Transmissions from RTUs, PLCs, and IEDs should be protected by digital certificates and digital signatures to prevent unauthorized users from intercepting the information or introducing false data into the SCADA system. Finally, cybersecurity needs to be a priority for system administrators. SCADA systems are of increasing interest to hackers and other unauthorized users, and increasing levels of communication and protocol standardization will only increase the seriousness of this threat. Administrators should take precautions including closing unnecessary communication ports, keeping system patches up to date, and keeping up to date on current computer security practices. The elements inside the trust system should be inspected every day.

6) A probabilistic model to predict the survivability of SCADA systems
The proposed model has some limitations that will be addressed as future work. Currently, it does not handle systems that provide some type of feedback loop, as regular Bayesian networks do not support cycles. This issue will be fixed by replacing regular Bayesian networks with Dynamic Bayesian networks [3], [4], which can handle cyclic graphs through temporal discretization. The proposed model also does not handle disconnected graphs, in cases where the communication between services generates disconnected network structures.
To overcome this issue, a heuristic that connects the network structures will be proposed. Finally, the limitation when a node (service) has too many parents, consequently generating huge CPTs, also needs to be addressed. To address this issue, a network traffic similarity heuristic will be used to combine parent nodes with similar traffic into one parent node, consequently decreasing the number of parents of the node. Another possibility that will be investigated is to replace the conditional probability tables with functions that represent the same distributions defined by the original probability tables. Another efficient dynamic network, rather than Bayesian networks, could also be introduced to handle feedback loops, cycles, etc.

Conclusion
SCADA systems have become commonplace in national infrastructures such as electric grids, water supplies, and pipelines. However, SCADA systems can be vulnerable to a variety of attacks, and if these systems are attacked by terrorists, it can have devastating consequences. To prevent the damage, several professional organizations have been researching the security of SCADA systems, but many security problems still remain. This paper highlighted the key-management scheme for SCADA systems among these security problems. The connection of industrial systems to the public network has introduced new security problems in a traditionally critical environment, and ICT security countermeasures are not able to completely protect such systems. SCADA networks are vulnerable to attack, whether from a digital source or a natural disaster. The proposed trust system will comply with the strict requirements of the SCADA network while providing a secure environment. The trust system is flexible and can be implemented in whatever way best fits SCADA networks’ needs. The trust system enforces access restrictions between IP addresses that should not be allowed to communicate with one another via specific message types and interfaces.
The trust system, implemented in active mode, intercepts all malicious messages. The research shows that a more secure network can be established for the power grid using a trust system. The trust system is a step toward security for the utility network.

References
[1] C. Ken, “A DNP3 Protocol Primer,” DNP Users Group, Mar. 2005. [Online]. Available: http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf
[2] “Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems,” GAO, Rep. no. GAO-04-354, 2004. [Online]. Available: http://www.gao.gov
[3] D. Koller and N. Friedman, Probabilistic Graphical Models: Principles and Techniques. Cambridge, MA, USA: MIT Press, 2009.
[4] M. Kafai and B. Bhanu, “Dynamic Bayesian networks for vehicle classification in video,” IEEE Trans. Ind. Inf., vol. 8, no. 1, pp. 100–109, Feb. 2012.
[5] Supervisory Control and Data Acquisition (SCADA) Systems, National Communications System, Technical Information Bulletin 04-1, 2004. [Online]. Available: http://www.ncs.gov/library/tech bulletins/2004/tib 04-1.pdf
[6] G. Ericsson, “Toward a framework for managing information security for an electric power utility—CIGRÉ experiences,” IEEE Trans. Power Del., vol. 22, no. 3, pp. 1461–1469, Jul. 2007.
[7] Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid, CNN U.S. Edition, 2007. [Online]. Available: http://www.cnn.com/2007/US/09/26/power.at.risk/index.html