Cyber Attack Challenges and Resilience for Smart Grids

Date of Acceptance: 31/08/2015Peer reviewedPostprin

Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS

As robotic systems spread, cybersecurity emerges as major concern. Currently most research autonomous systems are built using the ROS framework, along with other commercial software. ROS is a distributed framework where nodes publish information that other nodes consume. This model simplifies data communication but poses a major threat because a malicious process could easily interfere the communications, read private messages or even supersede nodes. In this paper we propose that ROS communications should be encrypted. We also measure how encryption affects its performance.We have used 3DES cyphering algorithm and we have evaluated the performance of the system, both from the computing and the communications point of view. Preliminary results show that symmetric ciphers using private keys impose significant delay

Proposal of a Secure Modbus RTU communication with Adi Shamir's secret sharing method

L

Proposal of a Secure Modbus RTU communication with Adi Shamir’s secret sharing method

Drinking fresh water, turning the lights on, travelling by tram, calling our family or getting a medical treatment are usual activities, but the underlying SCADA (Supervisory Control and Data Acquisition) systems like CIS (Critical Infrastructure Systems), ICS (Industrial Control Systems) or DCS (Distributed Control Systems) were always the target of many types of attacks, endangered the above mentioned simple activities. During the last decades because of the fast spread of the internet based services and the continuous technical development these systems become more vulnerable than ever. Full reconstruction and innovative changes in older SCADA systems has high cost, and it is not always rewarding. Communication protocols as Modbus (1979) serve as a main basis for SCADA systems, so security of Modbus has a major impact of the security of SCADA systems. Our paper raises and answers questions about the security of the Modbus RTU protocol. We focus on the serial Modbus protocol, because in that method we found many unsolved problems, like lack of authentication of the participants, lack of secure channel and so on. The aim of this paper to propose a secure communication alternative for Modbus RTU @ RS485 wire. The main advantage of the proposed method is the coexistence with traditional slaves and bus systems and only software update is necessary

Towards securing hard real-time networked embedded devices and systems : a cBPF implementation for an FPGA

In this body of work we describe preliminary work implementing a Berkely Packet Filter, in its original conception, in an FPGA. The purpose is packet filtering and ingress traffic shaping in security-relevant applications in distributed embedded nodes. We specifically target PROFINET nodes in hard real-time applications where network security is an open issue. We describe the motivation, implementation and verification including performance characteristics. We conclude that such a filter can be used to not only for protection against simple denial-of-service attacks but also for ingress protocol management and potentially for the implementation of system-wide security policies

Automatic Forensic Analysis of PCCC Network Traffic Log

Most SCADA devices have a few built-in self-defence mechanisms and tend to implicitly trust communications received over the network. Therefore, monitoring and forensic analysis of network traffic is a critical prerequisite for building an effective defense around SCADA units. In this thesis work, We provide a comprehensive forensic analysis of network traffic generated by the PCCC(Programmable Controller Communication Commands) protocol and present a prototype tool capable of extracting both updates to programmable logic and crucial configuration information. The results of our analysis shows that more than 30 files are transferred to/from the PLC when downloading/uplloading a ladder logic program using RSLogix programming software including configuration and data files. Interestingly, when RSLogix compiles a ladder-logic program, it does not create any lo-level representation of a ladder-logic file. However the low-level ladder logic is present and can be extracted from the network traffic log using our prototype tool. the tool extracts SMTP configuration from the network log and parses it to obtain email addresses, username and password. The network log contains password in plain text

Performance Evaluation of Modbus TCP in Normal Operation and under a Distributed Denial of Service Attack

Modbus is the de facto standard communication protocol for the industrial world. It was initially designed to be used in serial communications (Modbus RTU/ASCII). However, not long ago, it was adapted to TCP due to the increasing popularity of the TCP/IP stack. Since it was originally designed for controlled serial lines, Modbus does not have any security features. In this paper, we wrote several benchmarks to evaluate the performance of networking devices that run Modbus TCP. Parameters reported by our benchmarks include: (1) response time for Modbus requests, (2) maximum number of requests successfully handled by Modbus devices in a specific amount of time, and (3) monitoring of Modbus devices when suffering a Distributed Denial of Service attack. Due to the growing adoption of IoT technologies, we also selected two widely known and inexpensive development boards (ESP8266 and Raspberry Pi 3 B+/OpenPLC) to realize a performance evaluation of Modbus TCP

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented