Advanced protocol against MITM attacks in Industrial Control System
 Title & Authors
Ko, Moo-seong; Oh, Sang-kyo; Lee, Kyung-ho;
 Abstract
If an industrial control system is infected by a malicious worm such as Stuxnet, a national disaster could inevitably result. Most industrial control system defence therefore focuses on network intrusion detection to protect against these threats. Conventional methods are effective at monitoring network traffic and detecting anomalous patterns, but attacks that use MITM techniques while following normal traffic patterns are difficult to detect. This study analyzes the PROFINET/DCP protocol and its weaknesses using data collected in a real industrial control system. It then adds an authentication data field to secure the protocol and examines the applicability of the change. The improved protocol may prevent national disasters and defend against MITM attacks.
 Keywords
SCADA; ICS; Protocol; DNPSec; PROFINET; DCP; MITM
 Language
Korean