1 / 17

Improving the Cyber Security of SCADA Communication Networks

Improving the Cyber Security of SCADA Communication Networks. by Sandip C. Patel, Ganesh D. Bhatt, and James H. Graham communications of the acm july 2009 , vol. 52 , no. 7 報告人:俞丞峯. content. Abstract SCADA Architectures How secure are today’s SCADA systems?

beau-moore
Download Presentation

Improving the Cyber Security of SCADA Communication Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Improving the Cyber Security of SCADA Communication Networks by Sandip C. Patel, Ganesh D. Bhatt, and James H. Graham communications of the acm july 2009 ,vol. 52 ,no. 7 報告人:俞丞峯

  2. content • Abstract • SCADA Architectures • How secure are today’s SCADA systems? • Proposed Solutions to SCADA - Communication Security • Test-Bed Evaluation • Conclusion

  3. Abstract • SCADA: Supervisory control and data acquisition • SCADA networks enable operating many devices remotely such as track switches, traffic signals, electric circuit breakers, valves, relays, sensors, and water and gas pumps.

  4. Abstract • modern SCADA networks, integrated with corporate networks and the Internet, have become far more vulnerable to unauthorized cyber attacks. • for example, can manipulate traffic signals, electric-power switching stations, chemical process-control systems, or sewage-water valves, creating major concerns to public safety and health • http://www.cyberhunter.com.tw/portal/index.php/2009-01-03-02-19-42/900-scada

  5. SCADA系統攻擊矩陣表

  6. SCADA系統攻擊矩陣表

  7. SCADA Architectures

  8. SCADA Architectures

  9. SCADA應用領域 • 溫濕度記錄系統   • 空調計費系統 • 用電資料擷取 • 空氣品質監控

  10. How secure are today’s SCADA systems? • Typical SCADA security measures consist of physically securing MTUs, RTUs, and transmission media, and employing common cyber security defenses such as password protection and anti-virus utilities • Communication security • a “secret” phone number and “secret” proprietary protocols

  11. Proposed Solutions to SCADA - Communication Security • wrap SCADA protocols • use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol • use IPsec protocol • Enhance SCADA protocols with selected cryptography techniques • Authentication Octets • Authentication via Challenge Response

  12. Proposed Solutions to SCADA - Communication Security • Authentication Octets. This technique is based on digital-signature algorithm.

  13. Proposed Solutions to SCADA - Communication Security • Authentication via Challenge Response • This technique verifies the identity of an RTU or an MTU by using the challenge-response cryptography to protect against the man-in-the-middle attack.

  14. Correctness Proofs for Cryptography Techniques • selected On-the-Fly Model-Checker (OFMC), and Security Protocol Engineering and Analysis Resources (SPEAR) version II • OFMC was found to be appropriate because it succeeded in finding intruder attacks • SPEAR II, which uses Prolog-based analyzer, was found to be appropriate in verifying that the protocols functioned as intended

  15. Test-Bed Evaluation

  16. Test-Bed Evaluation • Table 1 shows a comparison of the performance among different security methods

  17. Conclusion • focused on the security of SCADA communication protocols and presented two possible security alternatives to confirm the soundness of these enhancements

More Related