240 likes | 506 Views
Simulation of Network Attacks on SCADA Systems. Rohan Chabukswar, Bruno Sinopoli , Gabor Karsai, Annarita Giani , Himanshu Neema, Andrew Davis. Outline. Introduction Security of SCADA Systems C2WindTunnel Testbed Design Testbed Implementaion Simulation Example System Model and Attacks
E N D
Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, AnnaritaGiani, Himanshu Neema, Andrew Davis
Outline • Introduction • Security of SCADA Systems • C2WindTunnel • Testbed Design • TestbedImplementaion • Simulation Example • System Model and Attacks • Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis
SCADA Systems • Supervisory Control and Data Acquisition • Manage and control critical infrastructure • Gas utilities, power plants, oil refineries, power utilities, chemical plants, water management, traffic control systems "Simulation of Network Attacks on SCADA Systems", Andrew Davis
SCADA Security • Potential damage to critical infrastructure and loss of life • Components have decades-long lifetimes • Legacy systems designed without security as a priority • Upgrades may cause unacceptable downtime • Real life examples exist • Recent Stuxnet worm targeted SCADA systems monitoring nuclear facilities in Iran "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Outline • Introduction • Security of SCADA Systems • C2WindTunnel • Testbed Design • TestbedImplementaion • Simulation Example • System Model and Attacks • Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Testbed Design Goals • Assess vulnerabilities of current SCADA systems in a realistic setting • Allow testing of novel architectural and technological solutions for next generation SCADA • Provide an open-source, highly flexible testbed for the industrial control community • Should be modular, easily reconfigurable, and accurate "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Simulation Integration Controller (Simulink) Network (OMNeT++) ?? Process (Simulink) "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Integration Challenges • Modeling network effects at packet level • Allows high fidelity simulation of network effects • Requires transferring time-stamped data among simulations with precise time synchronization • Requires discrete event model of network • Different simulation time models • Network uses discrete event simulator • Control and process use continuous time simulators • Consistent global time must be maintained to prevent breach of causality "Simulation of Network Attacks on SCADA Systems", Andrew Davis
High Level Architecture • Handles time-stamped data transfer • Defines a global object model • Uses publish and subscribe architecture to transmit time-stamped data • Handles time management among diverse time models • Directs progression of each simulation’s local time • No simulation can receive events in its past "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Simulation Integration Network (OMNeT++) Controller (Simulink) Process (Simulink) Simulink glue code OMNeT++ glue code Simulink glue code DoD/HLA Simulation Architecture "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Integration Code Generation • Integration of federates modeled with GME, a general purpose graphical modeling tool • Federates and object model • Publish and subscribe relationships • Timing parameters • C2WindTunnel includes code generators to facilitate integration of federates • HLA FED file • Simulation engine to HLA glue code • Simplified interaction publish & subscribe "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Recent Work • Extended network integration • Endpoint nodes specified in integration model allowing transparent data flow from HLA to network • Code generated for data-type based routing of information through the network • Integrates with the INET framework to allow network modeling without concern for federation level details • Restructured HLA-to-network interface to support newest version of the poRTIco RTI • New Windows installer simplifies setup • Available on project wiki "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Outline • Introduction • Security of SCADA Systems • C2WindTunnel • Testbed Design • TestbedImplementaion • Simulation Example • System Model and Attacks • Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Plant Model "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Control Problem • Objectives • Maintain production rate by controlling valves • Minimize operating cost (function of purge loss of A and C) • Restrictions • Operating pressure below shutdown limit of 3 MPa • Flows have a maximum at their saturation points "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Network Model "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Attacks • DDOS attacks are simulated on system, targeting various routers • Saturated with external communication requests from large number of zombie nodes • Process nodes connecting to attacked routers sustain 100% packet loss for the duration of the attack • Controller, feed and product routers are attacked from 30-second mark to 60-second mark out of simulation time of 150 seconds "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Attack on Feed Router Attack on Feed Router: Process remains stable throughout duration of attack "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Attack on Product Router Attack on Product Router: Process destabilizes during attack and begins to recover at its completion "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Conclusions • Effects of each individual attack are hard to predict and compare analytically • For a complicated system, calculating effects would require intensive analytical computations, could be intractable • Simulation is the best way to estimate effects, to implement and compare network configurations and redundancies "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Future Work • Simulation can be used to develop and evaluate more robust control algorithms • Extend testing to other common network security attacks • Investigate distinguishing process faults from network attacks "Simulation of Network Attacks on SCADA Systems", Andrew Davis
Acknowledgements • This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422) and the following organizations: AFOSR (#FA9550-06-1-0244), BT, Cisco, DoCoMo USA Labs, EADS, ESCHER, HP, IBM, iCAST, Intel, Microsoft, ORNL, Pirelli, Qualcomm, Sun, Symantec, TCS, Telecom Italia and United Technologies. "Simulation of Network Attacks on SCADA Systems", Andrew Davis