22 research outputs found

    Implementation of Secure DNP3 Architecture of SCADA System for Smart Grids

    With recent advances in connecting the power grid to the internet, data sharing and networking open space for hackers to maliciously attack grid systems based on their vulnerabilities. The vital stations in the smart grid, namely the generation, transmission, distribution, and customer substations, are connected and controlled remotely over the network. Every substation is controlled by a Supervisory Control and Data Acquisition (SCADA) system which communicates using the DNP3 protocol over Internet/IP, which has many security vulnerabilities. This research focuses on Distributed Network Protocol (DNP3) communication, which is used in the smart grid to communicate between the controller devices. We present DNP3 SAv5 and design a secure architecture with a Public Key Infrastructure (PKI) based on asymmetric key encryption using a Certificate Authority (CA). The testbed provides a design architecture between the customer and distribution substations and illustrates the verification of the public certificate. We add a layer of security by password-protecting the private key file to avoid physical tampering of the devices at the customer substations. The simulation results show that secure communication on the TLS layer provides confidentiality, integrity, and availability.

    Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5

    Most of the world's power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol's three sub-protocols. In doing so, we consider the full state machine, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard's intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols. Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.

    Secure Authentication in the Grid: A Formal Analysis of DNP3 SAv5

    Most of the world's power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol's sub-protocols. In doing so, we consider the full state machine, the protocol's asymmetric mode, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard's intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols. Our analysis shows that the core DNP3: SAv5 design meets its intended security properties. Notably, we show that a previously reported attack does not apply to the standard. However, our analysis also leads to several concrete recommendations for improving future versions of the standard.

    Symbolically Analyzing Security Protocols Using Tamarin

    During the last three decades, there has been considerable research devoted to the symbolic analysis of security protocols, and existing tools have had considerable success both in detecting attacks on protocols and in showing their absence. Nevertheless, there is still a large discrepancy between the symbolic models that one specifies on paper and the models that can be effectively analyzed by tools. In this paper, we present the Tamarin prover for the symbolic analysis of security protocols. Tamarin takes as input a security protocol model, specifying the actions taken by the agents running the protocol in different roles (e.g., the protocol initiator, the responder, and the trusted key server), a specification of the adversary, and a specification of the protocol's desired properties. Tamarin can then be used to automatically construct a proof that the protocol fulfills its specified properties, even when arbitrarily many instances of the protocol's roles are interleaved in parallel, together with the actions of the adversary.

    Honeypots for Automatic Network-Level Industrial Control System Security

    The proposed doctoral work investigates a new approach to implement, deploy and manage honeypots for Industrial Control Systems (ICS). Our goal is to address the unique challenges of ICS security in terms of interactivity, resource utilization, timeliness of detection and uninterrupted operation, which are much stricter than in traditional systems and make the existing approaches inefficient. Our proposal combines different levels of interactivity and coupling of the honeypots with the ICS network to satisfy the trade-off between detection accuracy and risk, and integrates the honeypot detection feeds with an SDN framework to enable autonomic reconfiguration.

    An investigation into some security issues in the DDS messaging protocol

    The convergence of Operational Technology and Information Technology is driving the integration of the Internet of Things and Industrial Control Systems to form the Industrial Internet of Things. Due to the influence of Information Technology, security has become a high priority, particularly when implementations expand into critical infrastructure. At present there appears to be minimal research addressing security considerations for industrial systems which implement application layer IoT messaging protocols such as Data Distribution Services (DDS). Simulated IoT devices in a virtual environment using the DDSI-RTPS protocol were used to demonstrate that enumeration of devices is possible by a non-authenticated client in both active and passive mode. Further, modified sequence numbers were found to be a potential denial of service attack, and malicious heartbeat messages were fashioned to be effective at denying receipt of legitimate messages.

    Modelling the IEC 61850 and DNP3 Protocol Using OPNET in an Electrical Substation Communication Network

    Communication protocols are a component of supervisory control and data acquisition (SCADA) systems and are used by the devices connected on the SCADA network. In this paper the distributed network protocol (DNP3) and the International Electrotechnical Commission IEC 61850 communication protocols were modelled in OPNET. The simulation of the DNP3 and IEC 61850 communication protocols is done in different scenarios and the traffic behavior is analyzed. The DNP3 protocol is modelled as the medium of communication during the maintenance of a 400 kV Transformer at an Electrical Substation. Its network traffic behavior is then analyzed for this operation. The IEC 61850 protocol is then used as the medium of communication in the same Electrical Substation communication network (SCN) when a faulty backbone switch is present. In this scenario the network traffic behavior is again analyzed. The DNP3 simulation during the maintenance of the 400 kV Transformer shows that the model is working, since the throughput is consistent without dropped packets at the Substation RTU end and the 400 kV Transformer IED end. The IEC 61850 simulation when a faulty backbone switch is present shows that the model is working in this scenario, since the throughput is again consistent. When the IEC 61850 protocol is modelled on the SCN, the time delay is 80 μs during normal operation, and with a faulty switch the delay is 100 μs for this protocol. This shows that for the IEC 61850 model the time delay increases when there is a faulty backbone switch, but not excessively, since there is a backup switch in the structure. In the DNP3 model during the maintenance of the 400 kV Transformer the time delay is approximately 160 μs. The IEC 61850 protocol performs approximately twice as fast as the DNP3 protocol during normal operation in an SCN.
    University of South Africa, Electrical and Mining Engineerin