Improving the Cyber Security of SCADA Communication Networks, by Sandip C. Patel, Ganesh D. Bhatt, and James H. Graham. Communications of the ACM, July 2009, vol. 52, no. 7. Presenter: 俞丞峯
Contents • Abstract • SCADA Architectures • How secure are today’s SCADA systems? • Proposed Solutions to SCADA-Communication Security • Test-Bed Evaluation • Conclusion
Abstract • SCADA: Supervisory control and data acquisition • SCADA networks make it possible to operate many devices remotely, such as track switches, traffic signals, electric circuit breakers, valves, relays, sensors, and water and gas pumps.
Abstract • Modern SCADA networks, integrated with corporate networks and the Internet, have become far more vulnerable to unauthorized cyber attacks. • For example, an attacker can manipulate traffic signals, electric-power switching stations, chemical process-control systems, or sewage-water valves, creating major concerns for public safety and health. • http://www.cyberhunter.com.tw/portal/index.php/2009-01-03-02-19-42/900-scada
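SCADA application areas • Temperature and humidity logging systems • Air-conditioning billing systems • Electricity usage data acquisition • Air quality monitoring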
How secure are today’s SCADA systems? • Typical SCADA security measures consist of physically securing MTUs, RTUs, and transmission media, and employing common cyber security defenses such as password protection and anti-virus utilities. • Communication security: a “secret” phone number and “secret” proprietary protocols
Proposed Solutions to SCADA-Communication Security • Wrap SCADA protocols: use the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol, or use the IPsec protocol • Enhance SCADA protocols with selected cryptography techniques: Authentication Octets, Authentication via Challenge Response
Proposed Solutions to SCADA-Communication Security • Authentication Octets. This technique is based on a digital-signature algorithm.
Proposed Solutions to SCADA-Communication Security • Authentication via Challenge Response • This technique verifies the identity of an RTU or an MTU by using challenge-response cryptography to protect against man-in-the-middle attacks.
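The challenge-response check described above, as an added example that is not from the slides or the paper: the challenging side (for instance the MTU) issues a one-time nonce, and the responder (the RTU) returns a keyed tag over its identity, the nonce and the frame. HMAC-SHA256 with a pre-shared key is an assumption here, and `Verifier`, `respond`, `rtu-1` and the sample frame are hypothetical names and constructed data.

```python
import hashlib
import hmac
import secrets


def respond(key, peer_id, nonce, frame):
    """Responding side (e.g. the RTU): bind identity, nonce and frame under the key."""
    ident = peer_id.encode()
    msg = len(ident).to_bytes(1, "big") + ident + nonce + frame
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    """Challenging side (e.g. the MTU): issues one-time nonces and checks responses."""

    def __init__(self, keys):
        self.keys = keys      # peer id -> pre-shared key (assumed provisioning)
        self.pending = {}     # peer id -> outstanding nonce

    def challenge(self, peer_id):
        nonce = secrets.token_bytes(16)
        self.pending[peer_id] = nonce
        return nonce

    def verify(self, peer_id, frame, tag):
        # pop() makes each nonce single-use, so a recorded response cannot be replayed
        nonce = self.pending.pop(peer_id, None)
        key = self.keys.get(peer_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(respond(key, peer_id, nonce, frame), tag)


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    frame = b"STATUS breaker-7 CLOSED"       # constructed sample frame
    mtu = Verifier({"rtu-1": key})
    tag = respond(key, "rtu-1", mtu.challenge("rtu-1"), frame)
    out = {"genuine": mtu.verify("rtu-1", frame, tag)}
    out["replayed"] = mtu.verify("rtu-1", frame, tag)        # nonce already consumed
    mtu.challenge("rtu-1")
    out["old_tag_new_nonce"] = mtu.verify("rtu-1", frame, tag)
    good = respond(key, "rtu-1", mtu.challenge("rtu-1"), frame)
    out["frame_altered_in_transit"] = mtu.verify("rtu-1", b"STATUS breaker-7 OPEN", good)
    bad = respond(secrets.token_bytes(32), "rtu-1", mtu.challenge("rtu-1"), frame)
    out["wrong_key"] = mtu.verify("rtu-1", frame, bad)
    return out


if __name__ == "__main__":
    print(demo())
```

Only the response computed over the current nonce and the unmodified frame verifies; a replayed tag, an altered frame, or a responder without the key is rejected.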
Correctness Proofs for Cryptography Techniques • Selected On-the-Fly Model-Checker (OFMC) and Security Protocol Engineering and Analysis Resources (SPEAR) version II • OFMC was found to be appropriate because it succeeded in finding intruder attacks • SPEAR II, which uses a Prolog-based analyzer, was found to be appropriate in verifying that the protocols functioned as intended
Test-Bed Evaluation • Table 1 shows a comparison of the performance among different security methods
Conclusion • Focused on the security of SCADA communication protocols and presented two possible security alternatives to confirm the soundness of these enhancements