ebook img

Design and Development of Layered Security PDF

23 Pages·2016·3.1 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Design and Development of Layered Security

sensors Article Design and Development of Layered Security: Future Enhancements and Directions in Transmission AamirShahzad1,MalreyLee1,*,SuntaeKim2,KangminKim3,*,Jae-YoungChoi4,*, YounghwaCho4andKeun-KwangLee5 Received:5October2015;Accepted:12December2015;Published:6January2016 AcademicEditor:LeonhardM.Reindl 1 CenterforAdvancedImageandInformationTechnology,SchoolofElectronics&InformationEngineering, ChonBukNationalUniversity,664-14,1Ga,Deokjin-Dong,Jeonju,Chonbuk561-756,Korea; [email protected] 2 DepartmentofSoftwareEngineering,ChonBukNationalUniversity,664-14,1Ga,Deokjin-Dong,Jeonju, Chonbuk561-756,Korea;[email protected] 3 DivisionofBiotechnology,CollegeofEnvironmental&BioresourceSciences,ChonbukNationalUniversity, Iksan570-752,Korea 4 CollegeofInformationandCommunicationEngineering,SungkyunkwanUniversity,Suwon440-746,Korea; [email protected] 5 DepartmentofBeautyArtsCare,KoguryeoCollege,Naju520-930,Korea;[email protected] * Correspondence:[email protected](M.L.);[email protected](K.K.);[email protected](J.-Y.C.); Tel.:+82-10-3611-8004(M.L.);+82-63-850-0836(K.K.);+82-63-270-3993(J.-Y.C.) Abstract: Today,securityisaprominentissuewhenanytypeofcommunicationisbeingundertaken. Liketraditionalnetworks,supervisorycontrolanddataacquisition(SCADA)systemssufferfrom anumberofvulnerabilities. Numerousend-to-endsecuritymechanismshavebeenproposedfor the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solutionusingacryptographymechanism. DuetotheinsecuritiesfoundwithinSCADAprotocols, thenewdevelopmentconsistsofaDNP3protocolthathasbeendesignedasapartoftheSCADA system,andthecryptographicallyderivedsecurityisdeployedwithintheapplicationlayerasapart oftheDNP3stack. Keywords: supervisory control and data acquisition; distributed network protocol; dynamic cryptographybuffer 1. Introduction Supervisorycontrolanddataacquisition(SCADA)systemshavebeenaccordedaprestigious statusandplayimportantroleswithinthereal-timeindustrialprocessingandautomationfields[1,2]. Alongwiththemassivechangesinthefieldofinformationtechnology(IT)andtheincreasinguseofIT byhumansthroughouttheirdailylives,SCADAsystemshavealsochangedfromsimplestand-alone systems,or“relaylogic”,tonetwork-basedsystemslikeatraditionalcomputernetwork[2,3]. Typically,aSCADAsystemisgovernedbyacentralcontrollerormaincontrollerthatisapartof itshierarchicalnetworkstructurethatisdesignedandconfiguredtocompriseseveralremotestations orremoteterminalunits(RTUs);theseremotedevicescollectinformationfromphysicaldevicesand transfertheinformationbacktothemaincontrollerforscrutinyandcontrolpurposes[3,4]. Sensors2016,16,37;doi:10.3390/s16010037 www.mdpi.com/journal/sensors Sensors2016,16,37 2of23 SCADA-system protocols were originally designed and used as proprietary protocols; each protocolwasdevelopedbyaspecificmanufacturerforaspecificindustryasapartofaproprietary SCADAsystemtofulfillthebasicneedsofthatspecificindustry[3,4]. Withtheincreasingdemands on SCADA systems and the underlying interoperability problems, the need for non-proprietary protocols was identified [4]. Today, many open-standard protocols such as distributed network protocolversion3(DNP3),Modbus,andFieldbushavebeendevelopedbySCADAorganizations,and haveresolvedthedilemmaofinteroperabilitybyprovidingconnectivityforthedevicesandequipment ofdifferentmanufacturersandvendors[5]. Giventheevolutionoftheopen-standardprotocolsthat areusedwithinSCADAcommunication,userscannowpurchaseanduseequipmentsuchasmaster terminal units (MTUs), RTUs, and other physical devices from a variety of manufacturers. This largerinterconnectivitybetweenanumberofopen-standardprotocolsandtheproprietaryprotocols, however,hasresultedintheheightenedvulnerabilityofSCADAsystemstoseveraltypesofsecurity attacks[6,7]. DNP3isaconventionalprotocolthathasbeenusedinSCADAindustrialprocessingincluding electricitygenerationanddistributionandwaterdistribution. DNP3isanopen-standardprotocol thatisbuiltonathree-layered,enhanced-performance-architecture(EPA)model. TheDNP3protocol contains the following three layers: the application layer, data-link layer, and physical layer. One additional layer, called the “pseudo-transport layer”, is added to the DNP3 stack to permit the transmissionofenormousquantitiesofdata[8]. TheDNP3protocolfacilitatesreliablecommunication betweentheSCADAnodes[8,9]. Theproposedstudyemphasizesnotonlytheapplicationlayerinthe DNP3protocol-developmentprocess,butalsothevulnerabilitiesthathavearisenatanapplication level,regardingthemessagetransmissionto/fromtheSCADA/DNP3protocol,andregardingTCP (transportcontrolprotocol)/IP(internetprotocol)communicationovertheInternet. 2. ProblemStatement ThedetailsofthevulnerabilitiesandsecurityissuesthataffectSCADAcommunicationswere reviewedandanalyzed[10–12];basedonthisreview,anappropriate,flexible,andprotectivesecurity solutionforSCADAcommunicationcouldnotbeidentified. Eachofthepossiblesecuritysolutionhas limitationsduetoitsdependencyonothersecuritymechanismsandprotocols[13–15]. A SCADA system’s potential security challenges exist because of the larger interconnectivity issuesbetweenproprietaryandnon-proprietaryprotocolsandtheuseofmodernIT[15–22]. Ageneric securitysolutionisdesirablefortheresolutionofsecurityissuessuchasconfidentiality,authentication, integrity,andnon-repudiation[23–27]. EstablishedglobalorganizationsincludingtheU.S.National Security Agency, U.S. Homeland Security Department, Schweitzer Engineering Laboratories, Inc., theAmericanGasAssociation,andtheGasTechnologyInstitute,havebeenvulnerabletosecurity threats due to the Internet’s open connectivity [28,29]. These organizations and other researchers havedevelopedseveralsecuritysolutionsandprotocolstoguardagainstcyber-securityissues,and thecryptography-basedsecuritymechanismshavebeenselectedasthe“best”securityapproaches for secure SCADA communications [26,30–42]. As a consequence, the DNP3 users group defined and described the cryptography approaches, such as the asymmetric and symmetric methods, to enhancethesecurityoftheDNP3protocol;therefore,thedetailsofseveralcryptographyalgorithms are available along with the information regarding their security parameters [43–57]. The main parameters such as integrity and authentication reportedly ensure and secure communication at an application level by employing a challenge-response mechanism and are significant in their protection against spoofing, modification, and replay attacks [8,58]. Several limitations, however, areacknowledgedregardingthedesignoftheDNP3secure-authenticationmechanism(mostofthe workremainsunderdevelopment)includingacapabilitythatonlyensuresend-to-endsecurityrather thanprotocol-embeddedsecurity[55–57]. Supremesecurityprotocolsand/orsolutions,suchassecuresockets-layer(SSL)/transport-layer security (TLS), Internet protocol security (IPSec), secure shell (SSH), and key agreements and Sensors2016,16,37 3of23 management, among others [43–48], have been deployed within traditional network systems and/or SCADA systems; however, these solutions have several limitations due to the protocol dependency, an end-to-end-security focus, and a reliance upon the other cryptography protocols Sensors 2016, 16, 37 3 of 22 forsecurity[5,14,49,50]. Anactualsecurityenhancementwasmadetoconquerthesecurityissuesthat usuaSllCyAreDsAid seyisntetmhse; throawnesmveirs, stihoenses soofluthtieonSsC hAaDveA sesvyesrtaelm lim;iintatthioinsse dnuhea ntoc tehme epnrot,tothcoel DdeNpPen3dpernoctyo, colis consiadne reendd,-aton-denedn-csreycuprtiitoyn faoncudsa, uatnhde na tircealitaionncem uepcohna nthisem osthtehra tcrmypotdoigfyratphheyo prirgoitnoacollfsr afmore soefcuthrietyD NP3 [5,14,49,50]. An actual security enhancement was made to conquer the security issues that usually protocol are employed. The cyclic-redundancy-check (CRC) bytes are replaced with new security reside in the transmissions of the SCADA system; in this enhancement, the DNP3 protocol is fieldsthataredesignatedtocomputethesecurityviathecryptographymechanism. Thescopeofthe considered, and encryption and authentication mechanisms that modify the original frame of the development,however,islimitedtoadata-linklayer,andthesecuritydevelopmentisalsolimitedto DNP3 protocol are employed. The cyclic-redundancy-check (CRC) bytes are replaced with new onlytheprovisionofastrongerauthenticationandnon-repudiationsecurityparametersfortheDNP3 security fields that are designated to compute the security via the cryptography mechanism. The protosccoolp[e5 o9f] .the development, however, is limited to a data-link layer, and the security development is aInlsoc olnimclituesdi otno, oannlyi ntchleu spirvoevisseiocnu roitfy as oslturotniogner isaurtehqeuntiirceadtiorna thanedr tnhoann-reepnudd-itaot-ioenn dsesceucruitryi ty to resolpvaeramtehteersse for tlhime DitNatPio3 npsrotocaonl d[59]. enhance the security of SCADA/DNP3-protocol communiIcna tcioonncslu[s5io,1n4, ,2a5n, 3i0n,c3lu2,s4iv5e,5 s1e]c.uAritsye csuolruittiyons oilsu trieoqnuiorerdm roatdheelr hthaasnt heenrde-ftoor-eenbde esencuprriotyp otos edto resolve these limitations and enhance the security of SCADA/DNP3-protocol communications supplantend-to-enddeploymentandtoenhancethesecurityoftheDNP3protocolaspartofacritical, [5,14,25,30,32,45,51]. A security solution or model has therefore been proposed to supplant infrastructuralcommunication(orSCADA)-system-using,protocol-embeddedsecurity. end-to-end deployment and to enhance the security of the DNP3 protocol as part of a critical, infrastructural communication (or SCADA)-system-using, protocol-embedded security. 3. ScopeofStudy 3In. Scthopise osft uSdtuyd,y a DNP3 protocol stack was designed and an inclusive security solution that uses cryptography algorithms such as AES, RSA, and SHA-2 is solely deployed at the In this study, a DNP3 protocol stack was designed and an inclusive security solution that uses DNPc3r-ypprtootgorcaoplh-ya ppallgicoartiithomnsl ayseurc;h hoaws evAeErS,, enRdSAu,s erasndw erSeHaAl-l2o wies dstooledlye pldoeyplaonydedt esatt ththeeo ther cryptDoNgrPa3p-phryotaolcgool-raipthpmlicsa.tiTonh elaaypepr; lihcoawtieovnerl,a yenedr iussceorsn swidereer eadllotwheedm toos tdespenlosyi tiavned lateyset rthine tohtheeDr NP3 protoccroypltboegcraapuhsey tahlgeorpirthomtosc. oTlhme aepsspaligceatiiosng leanyeerr aiste cdonastidthereeda pthpel imcaotsito nse-nlasyitievre lleavyeelr winh tehne DaNmPe3s sage is depsrigotnoactoel dbeacasussee nthteo prrorteocceoilv medes,saagned ist hgeenemraetsesda agte thise atphpelnicaptiaosns-eladyetro leavello wwheern lae vmeelssfaogre fius rther execudteisoingn[a8t,e1d0 ,a5s8 ]s.enTth oisr rsetcuedivyetdh, earnedf othree smheoswsasgeth ise tdheepn lpoaysmseedn ttoo af lsoewcuerr ilteyvealt ftohr efuarpthpelric eaxteiocuntiloenv el,or [8,10,58]. This study therefore shows the deployment of security at the application level, or the thedeploymentofapplicationprotocoldataunit(APDU)securityasapartoftheapplicationlayer, deployment of application protocol data unit (APDU) security as a part of the application layer, beforetheAPDUbytesaretransmittedtothelowerlayersoftheDNP3protocolasapartoftheSCADA before the APDU bytes are transmitted to the lower layers of the DNP3 protocol as a part of the system(security)and/oropenprotocols. FurtherdetailsareshowninFigure1,asfollows. SCADA system (security) and/or open protocols. Further details are shown in Figure 1, as follows. Figure 1. Research scope and study gap. Figure1.Researchscopeandstudygap. 4. Research Objectives 4. ResearchObjectives The main objectives of this study are as follows: Themainobjectivesofthisstudyareasfollows: 1. The bytes of the application layer or the APDU bytes are fixed at the application level; the 1. Thedbyyntaemsioc fcrtyhpetoagprapplihcya tbiuofnfelra (yDeCrBo)r ist hueseAd PfoDr Utheb ryetmesaianrinegfi bxyetdes aatfttehr ethaep fpixliincga tpioroncelsesv iesl ; the complete. The APDU bytes are therefore readily aligned with the pseudo-transport-layer bytes dynamiccryptographybuffer(DCB)isusedfortheremainingbytesafterthefixingprocessis or the TPDU bytes during the transmission of the message or the bytes. Sensors2016,16,37 4of23 complete. TheAPDUbytesarethereforereadilyalignedwiththepseudo-transport-layerbytesor theTPDUbytesduringthetransmissionofthemessageorthebytes. 2. Theassemblageoftheprotocolbytesfromthelowerlayertotheupperlayer,wherebysecurityis implementedandtestedintermsofintegrity,authentication,confidentiality,andnon-repudiation attheapplicationlayeroftheDNP3protocol. 3. The proposed security development is validated using formal proofs and the performance results are evaluated with security tools. The security results are also measured during the SCADA/DNP3-protocol end-to-end communication for the purposes of a performancecomparison. 5. ResearchContribution Thecontributionofthisstudyisthree-fold,asfollows: anewsecuritymechanismwasdesigned andimplementedwithintheoriginalSCADA/DNP3-protocolstack;thebytesareconstructedateach layer,flowedwithinthestack,andtransmittedto/fromtheTCP/IPprotocolsatbothsidesoronthe send/receiveside. Theapplication-layerbytesarealignedwiththepseudo-transport-layerbyteswithintheDNP3 stack; the remaining 56 bytes are used for the DCB. The DCB was designed and deployed to keep track of the bytes during message construction and security implementation. The new security mechanism was implemented and tested using cryptography to enhance the security of theSCADA/DNP3-protocolcommunications,anditalsoprovidesaplatformtotestandimplement othercryptographyapproaches(oralgorithms). The security mechanism was designed and implemented according to the requirements of SCADA/DNP3unicastingcommunication. Formalmethodsandtoolshavebeenusedtovalidatethe proposedsecuritydevelopmentandtoevaluateitsperformance. Theoverallperformanceresultswere measuredandevaluatedaftertheverificationofformalproofs. 6. DevelopmentoftheApplicationLayer TheapplicationlayeristhehighestortoplayeroftheDNP3-protocolstackthatinteractsdirectly withuser-applicationprogramsortakesdata/messagesfromtheuser-applicationinterface/program. The application layer interacts with the user-application program and accepts user-requested data/messagesdependingontherequirementsoftheuser. Datamaybeinanyformsuchasdigital, analog,events(ortheactionsperformedforanevent),alarms,reports,anddatafiles. Datasizeisnot limitedintheDNP3protocol;theDNP3-applicationlayertakesrandomdatafromauser-application programandmanipulatesthisdata. Theapplicationlayerconvertsthedatafromtheuser-application programintomanageablysizedblocks. Theseblocksarealsoreferredtoasapplicationservicedata units(ASDUs),andeachASDUsizeislimitedto2046/2044bytesinthecaseofarequest/response[2,9]. The application layer creates APDUs by combining or adding an application header that is called“applicationprotocolcontrolinformation”(APCI).TheAPCIfieldsconsistoftwoorfourbytes dependingonwhetherthedatarequestsareplyback. Intheproposedimplementation,theAPDUsize islimitedto1992bytes;iftherequested/responsedataislargerthan1992bytes,thenmorethanone APDUwillbecreated,dependingonthesizeoftheuserdata. IntheoriginalDNP3documentation, the numbers of ASDU blocks are not limited but each APDU’s size is limited to 2048 bytes. The APDU-buffersizeissufficienttoprocesstheentiretyoftheinformationinthedatarequested/received and,afterprocessing,thebufferisdiscardedforthenextAPDUbytes[9]. ThetotalnumberofuserblocksintheASDUiseight. Eachblockhas249bytesofinformation thathavebeenacceptedfromthelastblockbecausethelastblockhas247bytesinthecaseofarequest and245bytesinthecaseofaresponse. Theseblocksreadilyfitintothetransport-protocoldataunits (TPDUs)ofthepseudo-transportlayer. ADCBiscreatedbasedontheremaining56bytesfromeach ASDU and is used for storage information that is related to cryptography deployment and other serviceinformationforthedevelopmentofthetestbed. Sensors2016,16,37 5of23 ThefixingprocessfortheASDUbytesistwo-fold,asfollows: theAPDUbytesarealignedwith theTPDUbytesandtheremaining56bytescouldbeusedforcryptographydeploymentwithinthe appliSceantsoiorsn 20l1a6y, 1e6r, 3o7 ftheDNP3protocol. WhentheAPDUisconstructedintheapplication5l aofy 2e2r ,the controlispassedtothecryptographysolutionforsecuritydeployment.InFigure2,themasterterminal terminal unit (MTU) generates the request message and sends it to the remote terminal unit (RTU) unit(MTU)generatestherequestmessageandsendsittotheremoteterminalunit(RTU)thatthen that then generates the application-level response to the MTU after it receives the request. In the case generates the application-level response to the MTU after it receives the request. In the case of a of a command execution between the MTU and RTU, the header is only transmitted without any commandexecutionbetweentheMTUandRTU,theheaderisonlytransmittedwithoutanyASDU ASDU bytes. The following two types of message headers are in the application layer of the DNP3 bytes. ThefollowingtwotypesofmessageheadersareintheapplicationlayeroftheDNP3protocol: protocol: request and response headers. The response header has an additional two-byte field called requetshtea inndterrensapl oinndseichateioand e(rIsIN. T) hthearte sinpdoincsaetehs etahde edrihffaesreanncea dbdetiwtioeenna ltthwe or-ebqyuteestfi ealndd ctahlele dretshpeoninset ernal indicahteiaodne(rIsI iNn )ththe aAtPinCdI.i catesthedifferencebetweentherequestandtheresponseheadersintheAPCI. FiguFriegu2r.eA 2p. Applipcalitciaotnio-nla-lyaeyrers tsatatete--ttrraannssiittiioonn pprroocceesss swwithit hcrcyrpytopgtoragprhayp hsoylustoiolunt. ion. In the application layer, the MTU is responsible for sending request messages to the RTU and In the application layer, the MTU is responsible for sending request messages to the RTU the RTU is responsible for sending the response according to the MTU request; however, the and tDhNePR3T-aUppislicraetsiopno nlasyiebrl ehafos ra ssepnedciianl gcltahsse orfe srepsopnosnesea tchcaotr disi nusgedto btyh teheM RTTUU rfeoqr uthees tp;uhropwoseev oefr , the DNPs3e-nadpipnlgi ciantfioornmalatiyoenr toh aitss aprsepdeecfiinaeldc lmasasstoerf srteastipoonn. Tsehitsh sapteicsiaul scleadssb oyf rtehsepoRnTsUe isf oarlstoh cealpleudr pano se of sendi“nugnsionlfiocirtmeda trieosnpotnosiet”s apnrded ies fitnypedicamllya sbtaesresdt aotnio nth.eT chriisticsaple ecviaelnctsl aosrs porforceessps ocnhsaengisesa ltshoatc aalrlee dan “unsodliectietcetdedr ewsipthoinns ae ”coamndmuisntiycaptiicoanl.l ybasedonthecriticaleventsorprocesschangesthataredetected withinacIonm Fimguurnei 2c,a tthioe nh.ighlighted part shows the confirmation set (bit) that is transmitted between the master terminal unit (MTU) and remote terminal unit (RTU) and/or vice versa. The application InFigure2,thehighlightedpartshowstheconfirmationset(bit)thatistransmittedbetweenthe control (AC) is accounted as a main field of application layer header which used to control the masterterminalunit(MTU)andremoteterminalunit(RTU)and/orviceversa. Theapplicationcontrol communication between the nodes. AC contained four subfields, such as first fragment (FIR), final (AC)isaccountedasamainfieldofapplicationlayerheaderwhichusedtocontrolthecommunication fragment (FIN), confirmation (CON), and sequence number and in the below communications 1 and betweenthenodes. ACcontainedfoursubfields,suchasfirstfragment(FIR),finalfragment(FIN), 2 these subfields are represented in the form of [A0, A1, A2, A3] and [B0, B1, B2, B3], with confirdmistaitnigounis(hCeOd Nse)t, baint d(i.see.,q CuOeNnc oern Au2m/Bb2e =r a0 nodr 1in). tMhoerbe edloetwailc iosm prmovuindiecda tiino tnhse 1suabnsdeq2utehnet speasrtu obffi elds are rethpirse psaepnetre,d asi nfoltlhowesf:o rm of [A0, A1, A2, A3] and [B0, B1, B2, B3], with distinguished set bit (i.e.,CONorA2/B2=0or1). Moredetailisprovidedinthesubsequentpartofthispaper,asfollows: MTU/RTU Communication 1 { MTUI/fR RTeUquCesot:m MmTUun_AicCa t[iAo0n, 1A1{, A2 = 0, A3] && Response: RTU_AC [A0, A1, A2 = 1, A3] Then Confirmation: MTU_AC [A0, A1, A2 = 0, A3] IfRequest: MTU_AC[A0,A1,A2=0,A3]&&Response: RTU_AC[A0,A1,A2=1,A3] } // Master station has initialized the request without confirmation and upon receiving the RTU ThenConfirmation: MTU_AC[A0,A1,A2=0,A3] response with a confirmation set (bit), the MTU also sends the confirmation. } // Master station has initialized the request without confirmation and upon receiving the RTU respoMnsTeUw/RitThUa Ccoomnfimrumnaictaiotinons e2t {( bit),theMTUalsosendstheconfirmation. If Request: MTU_AC [B0, B1, B2 = 1, B3] then Confirmation: RTU_AC [B0, B1, B2 = 0, B3] MTU/RTUCommunication2{ && Response: RTU_AC [B0, B1, B2 = 1, B3] IfRequest: MTU_AC[B0,B1,B2=1,B3]thenConfirmation: RTU_AC[B0,B1,B2=0,B3] Then Confirmation: MTU_AC [B0, B1, B2 = 0, B3] &&Response: RTU_AC[B0,B1,B2=1,B3] Sensors2016,16,37 6of23 ThenConfirmation: MTU_AC[B0,B1,B2=0,B3] }//Masterstationinitializedtherequestwiththeconfirmationset(bit)andtheRTUalsosendsthe confirmationmessage. Afterward,theRTUwillsendaresponsewithaconfirmationset(bit)upon receiptandtheMTUalsosendstheconfirmationtotheRTU. WhentheMTUsendsarequestmessagetotheRTUwithaconfirmationbit,uponthereceipt Sensors 2016, 16, 37 6 of 22 ofthemessage,theRTUalsosendsanacknowledgment(message)totheMTU.TheRTUassembles Sensors 2016, 16, 37 6 of 22 } // Master station initialized the request with the confirmation set (bit) and the RTU also sends the the necessary information related to the requested message; once the message is ready, then it is confirmation message. Afterward, the RTU will send a response with a confirmation set (bit) senttothe}M // TMUas.teTrh setatMionT iUnitaiallsizoeds ethned rseqauecsot nwfiitrhm thaet cioonnfir(mmaetisosna sgeet )(biift)t ahned cthoen RfiTrUm aalstoio snenbdsit thise setinthe upon receipt and the MTU also sends the confirmation to the RTU. confirmation message. Afterward, the RTU will send a response with a confirmation set (bit) response(message). uWphoenn r tehcee iMptT aUn ds etnhde sM aT rUeq aulessot smenesdssa tghee t coo tnhfeir RmTaUti owni ttho ath ceo RnfTirUm. ation bit, upon the receipt of InaSCADAsystem,communicationbetweenfielddevicesiseitherintheformofcommands the message, the RTU also sends an acknowledgment (message) to the MTU. The RTU assembles the When the MTU sends a request message to the RTU with a confirmation bit, upon the receipt of or data. Unseuceaslslayr,y tihnfeorRmTaUtionw rielllatgede ntoe trhaet ereqthueestdeda tmaersesasgpeo; onnscee tahcec moersdsiangge ist oretahdye, MtheTnU it ics osemntm toa nds. The the message, the RTU also sends an acknowledgment (message) to the MTU. The RTU assembles the message onthreecd eMsasTtaaUry. aTinlhwfeo raMmyTasUtio canols nroet lsaaetinenddss t oas pcthoeenc friierfiqmcuaetdsiotaendt a( mmoeessbssjaaeggceet);s oifn atchnee dt choefn umfinremscstaaitogioen nis bc rioet adisde ysse, tt thihne nath tiet airser sespenoatnd tsode ed at the (message). start of atchoe mMTmUu. Tnhiec aMtiToUn a-lmsoe ssesnadgs ea croenqfiurmesattioonr (mreessspagoen) sife t.he TcohnefirSmCatAioDn bAit/ isD seNt iPn3 thpe rreostpoocnosel provides In a SCADA system, communication between field devices is either in the form of commands or reliablecom(mmesusangiec).a tionbetweendifferentvendor’sdevicesandmakesdatameaningfulacrossseveral data. Usually, the RTU will generate the data response according to the MTU commands. The In a SCADA system, communication between field devices is either in the form of commands or platforms.mTehsseagfoe lolor wdaitna galwseacytsi oconnstaainres stpheecicfioc rdeataap opbljeicctast aiondn -fluanycetironf ucondcetsi othnast tahrea atdhdaevde atb teheen stuarst edduring data. Usually, the RTU will generate the data response according to the MTU commands. The messagecomonfe sasts racuogmec tomiro udnna,itcaaa ntaildownta-hmysee cstsoyanpgtaee isnreso qsfupeiensctif fooicrr mdraeatsapt iooobnnjseecs.t usT cahhned aS fsCuAtnhcDteiAof/nuD cnNocdPte3ios pnthroacttoo adcroeel aapdnrdodevdidd aeatst tahreeol isbatbjaelrect tsthatare communication between different vendor’s devices and makes data meaningful across several involvedinof cao cmommmuunniiccaattiioonn-m. essage request or response. The SCADA/DNP3 protocol provides reliable platforms. The following sections are the core application-layer functions that have been used communication between different vendor’s devices and makes data meaningful across several during message construction, and the types of information such as the function code and data 6.1. ApplicpatlaiotfnorPmrso. tTochoel fCololonwtrionlg Insefcotriomnas tiaorne the core application-layer functions that have been used objects that are involved in communication. during message construction, and the types of information such as the function code and data Theaopbpjelcitcsa tthiaot narhe einavdoelvreids ina lcsoomcmaullneicdattihone. applicationprotocolcontrolinformation(APCI).APCI 6.1. Application Protocol Control Information hastwo-bytefieldsforarequestheaderandafour-bytelengthfieldforaresponseheader,whereby 6.1. ATphpeli caaptpiolnic Patriootnoc hole Cadonertr iosl aInlsfoor cmaallteiodn t he application protocol control information (APCI). APCI therequestandresponseheadersdifferbytwobytesintheapplicationlayer. Theresponseheader has two-byte fields for a request header and a four-byte length field for a response header, whereby The application header is also called the application protocol control information (APCI). APCI hasanaddthitei orenqaulestwt aond-b ryestepofineseld h,edadeesrisg dnifafeter dbya tswtoh beyItIeNs i,nw thhe iacphpdliciasttiionng luayiserh. eTsheb eretswpoenesne htheaedreer questand has two-byte fields for a request header and a four-byte length field for a response header, whereby responsehheaas dane rasddinitiotnhael tAwPo-CbyI.teF fiieglud,r dee3sigsnhaotewd sast thhee IAINP, CwIhiochr dthisetincgausieshoefs bAetPwCeeInb tyhtee rseqbueeisnt agndse nt,while the request and response headers differ by two bytes in the application layer. The response header response headers in the APCI. Figure 3 shows the APCI or the case of APCI bytes being sent, while Figure4shhoasw asn tahddeitAioPnCal Itwoor-bthytee cfiaeslde, doefsaignnaAtePdC asI -tbhey ItIeNr, ewshpicohn dsies.tinguishes between the request and Figure 4 shows the APCI or the case of an APCI-byte response. response headers in the APCI. Figure 3 shows the APCI or the case of APCI bytes being sent, while Figure 4 shows the APCI or the case of an APCI-byte response. Figure 3. Request header structure. Figure3.Requestheaderstructure. Figure 3. Request header structure. Figure 4. Response-header structure. Figure 4. Response-header structure. The first byte of the APCFI irgequurees4t .oRr reessppoonnssee -ihs edaedsiegrnastterdu catsu trhee. application control (AC). The communication between the MTU and RTU is controlled by the AC field. The AC field carries one The first byte of the APCI request or response is designated as the application control (AC). The byte of information, having three bits or flags, such as FIR, FIN, and CON, and a five-bit sequence communication between the MTU and RTU is controlled by the AC field. The AC field carries one Thefinrusmtbbeyrt ethoatf ist hueseAd tPoC mIorveeq furaegsmteonrtsr (eosrp AoPnDsUesi)s ind ae sseiqguneantteiadl oarsdetrh. eapplicationcontrol(AC).The byte of information, having three bits or flags, such as FIR, FIN, and CON, and a five-bit sequence communicnautmiobInne rM btheTatUtw i/sRe uTesUned tc htoome mmMouvTnei Ucfraatagionmnd,e niRft stT h(oUer MAisPTDcUoU snse)tt risn ot alhl ese edcqoubnefynirtmitahla etoiroAdne Crb. ifit aesl dC.OTNh e= A1 Cwitfiheinl dthcea rriesone requested message, then the RTU will also be responsible for sending a confirmation within the byteofinformIna tMioTnU,/hRaTvUi ncogmtmhureneicabtiiotsn, oifr tflhae gMs,TUsu scehts atsheF cIoRn,fiFrmINat,ioann bdit CasO CNO,Na n=d 1 awfiithvien- bthiet sequence response message with the same sequence as the MTU-requested sequence number. In a case where numberthraetquisesutesde dmetsosamgeo, vtheefnr athgem ReTnUt sw(ioll raAlsoP DbeU ress)pionnsaibslee qfoure snetnidailnog rad ecor.nfirmation within the multiple messages are received by the MTU/RTU with the same sequence number, then the second response message with the same sequence as the MTU-requested sequence number. In a case where In MTnuUm/bRerT wUillc boem igmnourendi caandti othne, fiirfstt ohnee MwilTl Ube ascectespttehde; ifc noontfihirnmg iast rieocneivbeidt bays thCeO MNTU=/RT1Uw, ithin the multiple messages are received by the MTU/RTU with the same sequence number, then the second requestednmumebsesra wgeil,l bthe eignnotrhede aRnTd Uthew fiirlslt oanlseo wbille ber eascpceopntesdi;b ilfe noftohrinsge ins dreicnegivead cboy nthfier MmTaUti/RoTnUw, ithin the responsemessagewiththesamesequenceastheMTU-requestedsequencenumber. Inacasewhere multiplem essagesarereceivedbytheMTU/RTUwiththesamesequencenumber,thenthesecond Sensors2016,16,37 7of23 numberwillbeignoredandthefirstonewillbeaccepted;ifnothingisreceivedbytheMTU/RTU,then therequestwillbetransmittedagain.ThesequencenumberisincrementedwiththeAPDUincrements, andtheresponse-APDUsequencenumberisthesameastherequested-APDUsequencenumber. ThefirstAPCIfieldisusedtomanagethecommunicationflowandthesecondfieldisdesignated afunctioncode(FC);theFCcarrysonebyteofinformationthatisusedtodefinetheactualmeaning of the message/data to be sent/received between the MTU and RTU. Data is the most important partofSCADA/DNP3communication. Aspreviouslymentioned,theDNP3protocolisdesignedto manipulatedifferenttypesofdata,suchasdigital,analog,eventoranactionperformedforanevent, alarms,reports,anddatafiles. TheDNP3protocolnotonlyprovidesreliablecommunicationbetween fielddevicesthatareconnectedinaSCADAnetwork,butitalsomakesthedatameaningfulacross differentnetworkstounderstandthemeaningandpurposeofthemessage. InthesecondAPCIfield,thefunctioncodesareusedtodefineoridentifyspecificfunctionsfor thedatathatarebeingoperatedorthefunctionthatisusedtoperformwiththedata. Somefunction codesarelimitedtothespecificdataonwhichtheyoperate;therefore,data-objectreferencesarealso includedwithintheASDU. TheIINfieldthatisusedintheresponseheader(orAPCI)containstwobytesofinformation followedbyafunctioncode,anditisusedforsendingaresponsetoadesiredstation. Eachbitinside theIINfieldhasaspecificmeaningforthepurposesofresponse-messagegeneration,usuallyfromthe RTUtotheMTU.TheRTU-responsemessagedefinestheflagsthatcorrespondtotheIINfieldthatare copiedinthemessageeachtimethemessageissentfromthesubstationtothemasterstation. Using theIINfieldintheresponseheader,thesubstationwillthenreporttothemasterstation. In a SCADA system, the sent/received message carries commands and sometimes data as a responsefromtheRTU,wherebythedataiscomposedoffunctioncodesanddataobjects. TheFC definesthemeaningandusesofthebytes(ormessage)intheDNP3protocolandthedataobjects definethestructureandthedatainterpretationprocess. 6.2. ApplicationServiceDataUnit Asdiscussed,therearetwotypesofdata/messagecommunicationswithinaSCADAsystemsuch asarequestfromtheMTU,aresponsefromtheRTU,and/oranunsolicitedresponse.Eachtime,oneor moreAPDUsarecreated,dependingonthesizeoftheuserdatathatisbeingrequested/respondedto. Ifmorethan1992byteswithaheaderaresentfromtheMTU,thenmultipleAPDUsaregeneratedand transmittedinasequentialorder. EachAPDUisrepresentedasafragmentwithfieldssuchasAPCI andASDU.TheASDUismadeupofdataobjectsandeachdataobjectisfollowedbyanobjectheader. IntheASDUfield,theproposedresearchlogicallyfixedthenumberofdatablocksat8andeachblock is249bytes,withtheexceptionofthelastblock;furthermore,theproposedresearchlogicallyfixedthe ASDUsizeupto1990bytesinthecaseofarequestand1988bytesinthecaseofaresponse. Here,eachdatablock(orblock)ofanASDUcontainsanobjectheaderanddataobjects. Through logicalfixingoftheASDU,thedatablockseasilyfitinto(oralignwith)thetransportprotocoldata units (TPDUs) in the pseudo-transport layer of the DNP3 protocol; for example, the 1992 bytes of APDUaretransmittedandaretreatedasuserbytesinthepseudo-transportlayer. Thebytesofthe transportservicedataunit(TSDU)areassembledandthenconvertedinto8datablocks,and1byte ofheaderinformationisaddedtoeachdatablockresultingintheformationof8TPDUs. Because thelowerlayer(ordata-linklayer)onlycarriesupto250bytesfromthepseudo-transportlayer,the logicalfixingprocessoftheASDUistwo-fold,asfollows: 1)TheAPDUbytes(or1992APDUbytes) arealignedwiththeTPDUbytesinthepseudo-transportlayer. 2)Theremaining56bytes(fromthe totalof2048APDU)areusedfortheDCB.IntheoriginalDNP3documentation,theuser-datablocks arenotfixed. In the ASDU, each data block is composed of the following two subfields: object header and dataobject. EachASDUfieldiscomposedofoneormoredatablocks, buttheblocksarelogically limited to 8 (blocks) and the maximum ASDU size is up to 1990 bytes/1988 bytes in the case of a Sensors2016,16,37 8of23 request/response. Figure5showstherequest/responseASDUstructure(ornew,fixedASDUblocks) Sensors 2016, 16, 37 8 of 22 withsubfieldssuchas“objectheader”and“dataobject”. Theobjectrheqeuaedst/errespsopnesec.i Ffiigeusret h5 sehodwast tah-eo rebqjueecstt/rteysppoensae nAdSDtUh setriunctsutrae n(ocr eneowf, fdixaedta ASthDUat bliosckbse) ingreferenced with subfields such as “object header” and “data object”. bythemessage. ThTeheo obbjjeecctt hheaedaedr sepreciisfiems thaed deatua-pobojecft tthypee oanbdj ethcet ,inqstuanaclei fiofe dra,taa tnhdat irsa bneignge rfiefeerlednscebd etween3bytes and11bytesofblye nthge tmhe.ssage. The object header is made up of the object, qualifier, and range fields between 3 bytes and 11 bytes of length. Figure 5. New logical fixing of ASDU. Figure5.NewlogicalfixingofASDU. In the ASDU, “object header”, “qualifier”, and “range” fields are used to identify the specific data points of each object group, and the variations that are being referred to as data are used on IntheASDboUth, t“heo sbenjedcert ahnde aredceeivre”r ,si“dqesu. Ian lai fireequre”s,t manesdsag“er, oannlyg tehe” dfiatea liddesntaifirceatiuons ewdill btoe reiqdueirnedti fythespecific datapointsofeaancdh doabtaj eocbtjecgtsr oaurep i,ncalunddedt hine rvesaproinaseti omnesssatgheas tfraomre tbhee isnubgstraetifoenr. rTehde qtouaalifsiedr afiteald aisr eusedonboth composed of the qualifier code or “Q-code”, the index size or “I-size”, and provides the thesenderandqrueacleifiievr-ecordsei vdaeluse.. TInhe aquraeliqfiuere fsietldm weitshs taheg rea,ngoen flieyldt whoerkds atot afuildly eidnetnitfiifyc athtei odnataw obiljelctbs erequiredand dataobjectsaretihnatc floulldowe deacinh orbejescpt hoenadseer min ethses AaSgDeUs. fInro thme otbhjeect shueabdsetr,a tthieo onb.jeTct hfieeldq ius asulbifidievridfiede ilndtoi scomposedof two fields such as the object group that defines the general type of data and the object variation that thequalifiercodeor“Q-code”,theindexsizeor“I-size”,andprovidesthequalifier-codevalue. The defines a particular variation of data and up to 2 bytes of length. qualifierfieldwiththerangefieldworkstofullyidentifythedataobjectsthatfolloweachobjectheader 6.3. System Model: Application Layer Development intheASDU.Intheobjectheader,theobjectfieldissubdividedintotwofieldssuchastheobjectgroup This study used the open library of the DNP3 protocol and the explicit codes were deployed, thatdefinesthegeneraltypeofdataandtheobjectvariationthatdefinesaparticularvariationofdata thereby finalizing the proposed system’s design and development. To validate the proposed andupto2byteapspolicfaltieonn-glatyher. (message) design and development, Postulate 1 to Postulate 4 were employed, and these are further used for the verification of the algorithm and during the security-development phase. The basic notations that are used in this section are summarized in Table 1. 6.3. SystemModel: ApplicationLayerDevelopment Table 1. Terminologies for system design and development. ThisstudyusedtheopenlibraryoftheDNP3protocolandtheexplicitcodesweredeployed, Notations Descriptions thereby finalizing the proposed systReamndo’ms bydtees fsroimg unsera-anppdlicatdione lvayeerl oorp ramndoemn intp.ut byTteos frovma lidate the proposed (cid:1850) user-application layer. application-layer (message) design and development, Postulate 1 to Postulate 4 were employed, (cid:1858)(cid:3091) Function that defines bytes X andthesearefurtherused(cid:1866)f ortheverifi(cid:1866)c=a 1t,i2o,3n,…o,(cid:1863)f,t(cid:1875)hℎ(cid:1857)e(cid:1870)(cid:1857)a(cid:1863)l(cid:1861)g(cid:1871)o(cid:1853)r(cid:1864)(cid:1861)i(cid:1865)t(cid:1861)h(cid:1872)(cid:1857)m(cid:1856)(cid:1861)(cid:1866)a(cid:1872)(cid:1857)n(cid:1859)(cid:1857)d(cid:1870) duringthesecurity-development (cid:1858)(cid:3002)(cid:3017)(cid:3004)(cid:3010)((cid:1850)) Function that computes the application-layer header bytes or APCI bytes. phase. Thebasicnotation(cid:1858)(cid:3002)(cid:3020)s(cid:3005)(cid:3022)t(h(cid:1850)a) tareuseFdunicntiont hthiast cosmepcutteiso thne aapprleicastiuonm-laymer adartai zbyeteds oir nASTDUa bbyltees. 1. ((cid:1850)(cid:3035),(cid:1850)(cid:3031)) Computed header (h) bytes (cid:1850)(cid:3035) and data (d) bytes(cid:1850)(cid:3031). (cid:1850)(cid:3031)(cid:3052) Computed dynamic (dy) bytes (cid:1850)(cid:3031)(cid:3052) via function (cid:1858)(cid:3031)(cid:3052). Table1.TerminoFloungctiieons thfoatr cosmypsuttees mthe dapepslicigatniona lanyder fdraegmveenlto opr AmPDeUn bty.tes. Such (cid:1858)(cid:3002)(cid:3017)(cid:3005)(cid:3022)((cid:1850)) that (cid:1858)(cid:3002)(cid:3017)(cid:3005)(cid:3022)((cid:1850))=(cid:1858)(cid:3002)(cid:3017)(cid:3004)(cid:3010)((cid:1850))+(cid:1858)(cid:3002)(cid:3020)(cid:3005)(cid:3022)((cid:1850)). (cid:2009)∈((cid:1845);(cid:1844)) Distinct identifier(s) for sender(S) or responding (R) message (M)/bytes (b) Notations ((cid:1858)(cid:3002)(cid:3004),(cid:1858)(cid:3007)(cid:3004),(cid:1858)(cid:3010)(cid:3010)(cid:3015)) c(cid:1858)(cid:3002)a(cid:3017)s(cid:3004)e(cid:3010) o((cid:1850)f s)eonrd AinPgC(SI )b/ryetesps othnadti nagr(eRD c)o. em spcutreidp byt ifuonnctsions: (cid:1858)(cid:3002)(cid:3004),(cid:1858)(cid:3007)(cid:3004),(cid:1858)(cid:3010)(cid:3010)(cid:3015), in the ((cid:1876)(cid:2869),(cid:1876)(cid:2870),(cid:1876)(cid:2871)(cid:1876)(cid:2872),(cid:1876)((cid:3036)(cid:3040)R,(cid:3032)a(cid:3051))n,(cid:1876)d(cid:3036)(cid:3036)o(cid:3041)m) bytPeasrafmroetmers uofs feurn-catiopnp (cid:1858)l(cid:3002)i(cid:3017)c(cid:3004)a(cid:3010)(t(cid:1850)io),n(cid:1871). lSauyche rthaotr, (cid:1858)r(cid:3002)a(cid:3004)n,(cid:1858)(cid:3007)d(cid:3004)o,(cid:1858)m(cid:3010)(cid:3010)(cid:3015)i∈np(cid:1858)(cid:3002)u(cid:3017)(cid:3004)t(cid:3010).b ytesfrom X ((cid:1858)(cid:3016)(cid:3009),(cid:1858)(cid:3016)(cid:3005)u)s er-applica (cid:1858)t((cid:3002)(cid:1858)i(cid:3020)(cid:3016)o(cid:3005)(cid:3009)n(cid:3022),((cid:1858)(cid:1850)l(cid:3016)a(cid:3005))oy)r,e iAnrS. tDheU c absyete os ft hseant dairneg c(So)m/rpeustpeodn bdyin tgh(eR f)o. llowing functions: fu ((cid:1876)(cid:2873),(cid:1876)(cid:2874),(cid:1876)(cid:2875),F(cid:1876)(cid:2876)u)n ctionthPaatrdameefitenres sof bfuyntcetisonX (cid:1858)(cid:3002)(cid:3020)(cid:3005)(cid:3022)((cid:1850)), such that (cid:1858)(cid:3016)(cid:3009),(cid:1858)(cid:3016)(cid:3005)∈(cid:1858)(cid:3002)(cid:3020)(cid:3005)(cid:3022). n ((cid:1876)(cid:2873).(cid:2869),(cid:1876)(cid:2873).(cid:2870)),((cid:1876)(cid:2874)n.(cid:2869),“(cid:1876)(cid:2874).(cid:2870)1) ,2,3,.o((cid:1876)b.(cid:2873)j.e.(cid:2869)c,,t(cid:1876)k q(cid:2873),u.(cid:2870)wa)liahfrieeer ri m(e(cid:1867)kp(cid:1869)li)is eda lfoimr oibtjeecdt ifunntcetigone(r(cid:1867)(cid:1858)) and ((cid:1876)(cid:2874).(cid:2869),(cid:1876)(cid:2874).(cid:2870)) are implied for fAPCIpXq (cid:1858)(cid:3013)((cid:1850)(cid:3031))F unctionthFautnccotiomn pthuatt leosgictahlely afipxepd ltihcea AtSiDonU -blyateyse irntoh deaatda ebrlocbkys t(DesB)o. rAPCIbytes. f pXq Functionthatcomputestheapplication-layerdatabytesorASDUbytes. ASDU pX ,X q Computedheader(h)bytesX anddata(d)bytesX . h d h d X Computeddynamic(dy)bytesX viafunction f . dy dy dy FunctionthatcomputestheapplicationlayerfragmentorAPDUbytes.Suchthat f pXq APDU f pXq“ f pXq` f pXq. APDU APCI ASDU αPpS;Rq Distinctidentifier(s)forsender(S)orresponding(R)message(M)/bytes(b) f pXqorAPCIbytesthatarecomputedbyfunctions: f ,f ,f ,inthe pf ,f ,f q APCI AC FC IIN ´ AC FC IIN ¯ caseofsending(S)/responding(R). x1,x2,x3x4,xpim,exq,xiin Parametersoffunction fAPCIpXq,s.Suchthat, fAC,fFC,fIIN P fAPCI. f pXqorASDUbytesthatarecomputedbythefollowingfunctions: pf ,f q ASDU OH OD pf ,f q,inthecaseofsending(S)/responding(R). OH OD px ,x ,x ,x q Parametersoffunction f pXq,suchthat f ,f P f . 5 6 7 8 ASDU OH OD ASDU px ,x qareimpliedforobjectfunction(of)andpx ,x qareimpliedforobject px ,x q,px ,x q 5.1 5.2 6.1 6.2 5.1 5.2 6.1 6.2 qualifier(oq) f pX q FunctionthatlogicallyfixedtheASDUbytesintodatablocks(DB). L d Sensors2016,16,37 9of23 Postulate1. ThenumberofbytesXisdefinedandreceivedfromtheuser-applicationlayerthroughthe useoffunction fµ. Thefunction fAPDU P fµexistsandisperformedatbothsidesofthetransmission withtheusageofthedistinctidentifiersαPpS;Rq,andsimultaneouslyinteractswithandisupdated inthedynamicstorageasapartoftheprotocolstack. TherandombytesXareretrievedfromtheuser-applicationlayerbyperformingthefunction fµ thatisdesignatedtocheckthebytesXthatarelimitedbytheproposeddevelopment. Inthecaseof thesending(S)/responding(R)APDUbytes,thefunctions f and f areemployedtocompute ASDU APCI theASDUbytes(X ),theAPCIbytes(X ),andpf , f qP f . Inthecasewhereanumber d h ASDU APCI APDU offragmentsarerequiredinthetransmission,then f P f andn=1,2,3,... ,k,wherekis APDU APDUn thelimitedinteger. Moreover,thecomputedbytesaresimultaneouslyupdatedbytheemploymentof function f andthedesignationofX . ThecomputedfragmentpFragqwiththeconcatenation(||q of dy dy dynamicbytescanbedemonstratedas ˇˇ ˇˇ @X ñFrag“ f pXq“ f pXq` f pXqˇˇX , αPpS;Rq APDU APCI ASDU dy f pXqñ X ^ f pXqñ X ^pX ,X qď Limit APCI h ASDU d h d wherelimitisamaximumvaluedependingonthesizeofthebytesthatarespecifiedforafragment. Postulate2. Theexistentfunctions f , f ,and f ,areemployedtocomputetheprotocol-header AC FC IIN bytes, if, and only if, the parameters x ,x ,x x ,x ,andx are satisfied, such that f , f , 1 2 3 4 pim,exq iin AC FC f P f . IIN APCI Inthecaseofsendingfragmen´t, ¯ DX ôpx ,x ,x x q P f ^ x P f ^pf , f qP f . h 1 2 3 4 AC pim,exq FC AC FC APCI Inthecaseofaresponsefragment, ´ ¯ DX ôpx ,x ,x x q P f ^ x P f ^px qP f ^pf , f , f qP f h 1 2 3 4 AC pim,exq FC iin IIN AC FC IIN APCI To compute the header (h) bytes, the AC function f and its parameters are as follows: AC rx ,x ,x x s ““ rSequenceNumber,Confirmation,FIN,FIRs. The function f with its 1 2 3 4 FC parameter-request code (im) and/or response code (ex) are performed in the case of sending (S) a fragment, while the difference of the two-byte IIN is counted via the function f during the IIN responding(R)fragment. Postulate3. Theprotocol-databytesarecomputedusingtheemploymentofthefunctions f and OH f P f ,if,andonlyif,theparameterspx ,x ,x ,andx qaresatisfied;adifferenceoftwobytes OD ASDU 5 6 7 8 existsintheresponsecase. DX ôrpx Q x ,x q,px Q x ,x q,x sPf ^px qP f ^p f , f qP f d 5 5.1 5.2 6 6.1 6.2 7 OH 8 OD OH DO ASDU For the ASDU bytes, the object header (OHq function f with its parametersrx ,x ,x s ““ OH 5 6 7 rObjectFunctionpofq,ObjectQualifierpoqq,ObjectRangeporqs,andthedataobject(DO)function f with DO its parameter [x ] == [user bytes (ub)] are computed in the case of sending (S)/responding (R), 8 but a two-byte difference is accounted for in the responding (R) case that ensures the total size. Here,rx ,x s““rObjectGrouppogq,ObjectVariationpovqsareimpliedfortheobjectfunction(of)and 5.1 5.2 rx ,x s““rQualifiercodepqcq,IndexSizepisqsareimpliedfortheobjectqualifier(oq). 6.1 6.2 Postulate4. Thefunction f isanexplicit,duallogical-distributionfunctionifitisoperatedonbytesX, L andXareretrievedfromfunction fµ,asfollows: ÿ fµ ñ@XαPpS;Rq ñ fASDUpXqñ Xd ñ fLpXdqñ fLpXdq« ri“1pDBqi,i“1,2,3,...r here,theASDUbytesarelogicallypLqfixedintothedatablocks(DB)butthebytesvaryinthecases ofsendingandresponding,andrisrepresentedforthelogical8blocksinthecaseofafullfragment (i.e.,1992bytesand f P f ). ASDU APDU Sensors2016,16,37 10of23 7. Algorithm: Pseudo-CodeComputingofFragmentwithSecurity Algorithm1FragmentSecurity Input: UserlayerbytesX,X ,αPpS;Rq; α Output: (X ,X q,Security(EncryptionEny,DecryptionDny,Messag(M),X h d dy 1. Defineandman!agethenumˇ berofuserlayerbytes,X,Xα,αPpS;R)q; ˇ 2. CalculateX “ pAC, FCqˇpx ,x ,x x ,x q ďlimit, limitPS ; ! h ˇ´ 1 2 3 4 pim,exq¯ ) ˇ X “ pAC, FC,IINqˇ x ,x ,x x ,x ,x ďlimit, limitPR ; h 1 2 3 4 pim,exq iin 3. Calculate X “tpOH, ODq|p x ,x ,x x qďlimit, limitP(S;R)u;«pDBq ,1ďiď8; d 5 6 7 8 i 4. Byusageofsteps2and3, ř ř APDU“tpX ,X q| pX ,X q,limită pX ,X qďlimit},αPpS;Rq; h d h d h d X “dy.Updatepq; dy 5. Whilethereisapplicationprotocoldataunit(APDU)computedbytes(X ,X q,αPpS;Rq; h d 6. Securityiscomputedbyemployingofcryptographyfunctions,Symmetric (Symqfunction,Asymmetric(Aymqfunction,Hashing(H)function; 7. EnypAPDUq““MessagpMq““EnyrSympAPDUq,AymtHashpAPDUqus; X “dy.Updatep); dy 8. IfEnypAPDUqbytesarereceivedattargetside.Then 9. DnyrMs““DnyrEnytSympAPDUq,AymtHashpAPDUquus;X “dy.Updatepq; dy 10. Endif 11. IfDnyrMsisperformed.Then 12. (X ,X qarereassembletobytesX; h d 13. Endif 14. Endwhile 8. Implementation TheaimofthisworkistodesigntheDNP3stackandtodeploythesecurityalgorithm(s)within the protocol; therefore, the DNP3 stack has been designed by the deployment of explicit (or real) functionsintheC#programmingplatform,whilethehistorian(ordatabase)wasdeployedbyusing the MySQL tool. Several approaches [1,3,5–7,14,15] were analyzed against the SCADA/DNP3 in termsofsecuritybuttheyarebasedonend-to-enddevelopments. DNP3isaproprietaryprotocoland issituatedatthetopoftheTCP/IPprotocolsforInternet-basedcommunication[5,8,9,14,15,57–60]. SecurityisamajorissuethathasbeenfacedbytheDNP3protocolsinceInternet-basedcommunication hasoccurredthroughopenprotocol(s). Thisworkthereforeproposesanewapproachthatdeploysthe securitywithintheDNP3protocolbeforethetransmissionofbytestonon-proprietaryprotocolssuch asTCP/IPandUDP. Intheimplementationphase, thedesignoftheDNP3stackisalsoamajorchallenge, andthe deploymentofsecurityusingastrongmechanismthathasthepotentialtosecuretheSCADA/DNP3 transmissionagainstattacksisrequired. ThefirstchallengewasresolvedbythedesignoftheDNP3 stack and its relevant functions in C# using implicit/explicit libraries and functions. Prior to the security-implementationphase,anothermajorchallengeisthestorage,updating,andmaintenanceof thesecuritytrackswiththecorrespondingstackinformationduringthereal-timedeliveryofbytes. Toresolvethischallenge,theDCBisdeployedandemployedduringtheentiredevelopmentstage. TheDCBcontainsthenumbersofthedynamicfunctionalfieldsthatsuccessfullycontrolthesecurity operationsandstackrelevantinformation.

Description:
Like traditional networks, supervisory control and data acquisition (SCADA) Typically, a SCADA system is governed by a central controller or main
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.