Hindawi Publishing Corporation
International Journal of Distributed Sensor Networks
Volume 2015, Article ID 738687, 15 pages
http://dx.doi.org/10.1155/2015/738687

Research Article

The Sensors Connectivity within SCADA Automation Environment and New Trends for Security Development during Multicasting Routing Transmission

Aamir Shahzad,1 Kalum Priyanath Udagepola,2 Young-keun Lee,3 Soojin Park,4 and Malrey Lee1

1 Center for Advanced Image and Information Technology, School of Electronics & Information Engineering, Chonbuk National University, Ga, Deokjin-Dong, Chonbuk 664-14, Jeonju 561-756, Republic of Korea
2 Department of Information and Computing Sciences, Scientific Research Development Institute of Technology Australia (SRDITA), 38a Haig Road Loganlea, Brisbane, QLD 4131, Australia
3 Department of Orthopedic Surgery, Chonbuk National University Hospital, Ga, Deokjin-Dong, Chonbuk 664-14, Jeonju 561-756, Republic of Korea
4 Graduate School of MOT, Sogang Institute of Advanced Technology, Sogang University, 35 Baekbeom-ro, Mapo-gu, Seoul 121-742, Republic of Korea

Correspondence should be addressed to Young-keun Lee; [email protected]; [email protected]

Received 16 January 2015; Accepted 15 April 2015

Academic Editor: Sana Ullah

Copyright © 2015 Aamir Shahzad et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

This study examined the security of SCADA systems and their protocols, more specifically SCADA/DNP3 protocol security. To achieve the study goals, a SCADA simulation environment is designed for a water pumping process through the connectivity of intelligent sensors, the payload is constructed, security is deployed inside the DNP3 protocol stack, and the bytes are then multicast to subcontrollers.

1. Introduction

In the current age, network-based SCADA (supervisory control and data acquisition) systems perform advanced functions and provide all operational facilities, as traditional networks such as LAN/WAN and others do [1]. The existing SCADA systems were connected with a limited number of networks, and usually the connectivity between network nodes is one-to-one (or unicasting) transmission [1, 2]. In a few cases, a SCADA system provides a broadcasting service, such that bytes are broadcast to each and every node within the configured network. The broadcasting facility is limited to the controller side. In the case of an unsolicited message (or response bytes), a remote sensor-node is authorized to send or issue an unsolicited request to the main controller, and upon receiving it the master node transmits an acknowledge message back to the remote node. Overall, transmission is usually granted or/and occurs as unicasting transmission, meaning that the remaining network nodes are unaware during transmission [2, 3].

Nowadays, SCADA systems are employing modern technologies to fulfill the current requirements of industrial infrastructures. Due to the massive changes found in the arena of real-time systems, communication has become unsecured and undeliverable to destinations because of several potential vulnerabilities and attacks [4–11]. To minimize the security issues of SCADA communication, several end-to-end security developments have been made and commercial software is employed [1, 12–17]. In SCADA systems, a number of cryptography keys are distributed among nodes following the SCADA communication requirements [11, 18–21]; the desired message is encrypted before transmitting to the destination, and upon receipt at the remote side a decryption function is required and applied to open the sender's request message [12–15, 22]. Encryption-based security approaches are considered the best approaches to hide the sensitive information of SCADA systems from adversaries [14, 17, 22–28]; security approaches such as IPSec, SSL/TLS, and pattern have also been deployed to enhance SCADA security, but these are not considered the best, due to protocol dependencies, when compared with cryptography-based approaches [23, 29–31].

In the research papers [2, 23, 25], symmetric key encryption is deployed, which enhanced the security of payload transmission in a SCADA system or between SCADA field devices; the field devices are designated as sensor devices, which are connected with the physical world and configured to manipulate information from, and pass it to, the SCADA main controller [29, 30, 32, 33]. The main controller is supervisory in the SCADA hierarchical structure and the sensor devices are treated as slave devices; the network structure of SCADA systems is defined as a static structure, meaning that all network nodes are defined and configured in advance. The hierarchical structure is static, so there is minimal chance of attacks such as man-in-the-middle attacks or/and network attacks [23]. In other research [25, 30, 31], the use of commercial security software in SCADA systems is considered inappropriate due to a number of limitations, such that most commercial tool designs are based on general manipulation of SCADA system security without consideration of the specified SCADA protocol(s) [16, 17]. The hashing algorithm is accounted as the best security approach in SCADA transmission or/and SCADA protocol transmission [23, 30]. A hashing algorithm (or the SHA-2 hashing algorithm) is deployed during message exchange of the DNP3 protocol as a part of the SCADA communication system. The DNP3 payload is generated and a hashing function is applied to compute the hash digest of the payload; the hashing function produces a fixed value for the payload that would be helpful to protect the payload from integrity attacks such as payload modification and payload replay. The original payload and the computed hash digest are transmitted to the outstation (i.e., a sensing device or a computer connected with a sensor). Upon receipt, the hash digest is computed again by the outstation for comparison with the main controller's hash digest; on the basis of the comparison result the decision is made to either reject or accept. In consequence of the comparison, if the main controller and outstation hash values match, then the payload is accepted; otherwise it is rejected, and a corresponding confirmation is replied [25, 30].

Usually, a SCADA system provides two types of communication facilities, balanced and unbalanced, depending on the protocol used [2, 3]. The Distributed Network Protocol (DNP3) is the most popular protocol employed by SCADA systems. The DNP3 protocol has four layers in its stack: the application layer, pseudotransport layer, data link layer, and physical layer. In each layer the message size is limited to 2048 bytes, 250 bytes, and 292 bytes, respectively, and the physical layer is helpful during the transmission of bytes. The DNP3 protocol supports both balanced and unbalanced communication, decided at its data link layer. This means that in an unbalanced system each and every node is able to initiate communication with the main node, while in a balanced system only the main node is authorized to initiate communication with the connected subnodes of the SCADA system [1–3]. The basic configuration and specifications required, whether the main controller sends a request to a subcontroller or the subcontroller initiates the communication, are considered at the application layer of the DNP3 protocol [34, 35]. The proposed study employs a balanced system in SCADA multicasting transmission and deploys the security before transmitting bytes to the open network(s).

The rest of the research paper is organized as follows. In Section 2, the problem statement is conducted, which is directly linked with the proposed study, and the research objectives are identified, which are considered the building blocks of the proposed study. A simulation is designed for a water pumping system in Section 3, and its overall control is managed by the SCADA/DNP3 system. The SCADA/DNP3 testbed setup is created and the multicasting sensor-nodes are configured in Section 4, while Section 5 explains the detailed security development and its corresponding communication details. Performance assessment and comparison are made in Section 6, which shows the significant computed results. The existing survey on SCADA/DNP3 security issues is described in Section 7, and Section 8 concludes the overall study.

2. Problem Statement

Multicasting transmission between SCADA sensors-controllers (or nodes) is commonly found and required in SCADA systems. In particular, in the case of warm traffic or an abnormal scenario, in which the attacker successfully gains control of distinct sensors-controllers while the other SCADA sensors-controllers remain the same or communicate normally with the main controller, the main controller analyzes the abnormal communication within the network system, is unable to recover it to normal communication, and also has no alternative solution for system recovery. Therefore, the main controller gives the alarm to all stations to turn off. In this scenario, the whole SCADA transmission suffers, including the normal sensors-controllers, which significantly affects the critical communication or SCADA system communication. The overall transmission is down until system recovery, which is the most dangerous situation for critical infrastructures such as electrical stations, water pumping and controlling stations, aircraft controlling systems, and others [2, 3].

Research Objectives. The research objective of this study is twofold:

(i) The SCADA communication is persuaded to multicasting communication, and its security directions will be helpful to handle the abnormal scenarios.

(ii) Based on the best performance evaluation, the DNP3 protocol stack is designed and a security solution via cryptography is deployed, with the SCADA/DNP3 transmission requirements in mind during bytes multicasting.
[Figure 1: SCADA/DNP3 supervisory environment: water pumping system. Elements shown: main controller, two subcontrollers, heat control sensor, cold control sensor, pressure sensors, local storages, cooler, heater, motors, main storage, cool water storage, and hot water storage.]

3. SCADA Simulation Environment

The SCADA simulation environment is designed for a water pumping system which collects water from an external source and performs the operations of cooling and heating, the output of which would further be utilized by industrial processes. In the simulation environment (Figure 1), the SCADA main controller monitors the whole water pumping system through the configured subcontrollers. Raw water is collected in the main storage (or main water storage) and distributed to local storages by means of motors, and would further be used in cooling/heating operations. Two water pressure intelligent-sensors are directly connected with the local water storages and check/monitor the water pressure status; integrated programmable logic controllers (PLCs) are used to manage (or control) the pumping according to the main controller set points. This means that if the water level is low in the local storage, then the operational heater/cooler (or heater/cooler devices) is turned off and the subcontrollers activate the water pumping from the main storage. An intelligent-sensor designated as the cooling control sensor is directly attached to the cooler (device), and controls and monitors the cooling levels according to the main controller/subcontroller set points. On the other side, if the sensors sense that the water level is high or according to the set points, then water pumping is deactivated and the corresponding operations are performed. An intelligent-sensor called the heating control sensor is directly attached to the heater (device), and controls and monitors the heating levels according to the main controller/subcontroller set points. The overall information is processed by means of the configured sensors; the subcontrollers read the information from the sensors, and then this information is passed to the main controller for monitoring purposes.

4. SCADA Testbed Setup and Configuration

In the SCADA testbed (Figure 2), six remote stations (or subcontrollers), plus a sensor-controller node (or RTU1) which is treated as the rendezvous point (RP), are configured with the main controller. Three subcontrollers, RTU2, RTU3, and RTU7, are individually connected to supervise and control the water heating processes, including water incoming/outgoing pressure, water level, cooling level, and electricity consumption, while the remaining subcontrollers, RTU4, RTU5, and RTU6, are connected with the water cooling processes and perform several operations, including monitoring the water level in the local storage through level sensors and the water pressure by pressure sensors, the cooling processes through the cooler device and the cooling level by the cooling control sensor, and electricity consumption. On the other side, the overall multicasting transmission is controlled by the node called the sensor-controller node, and the main controller is used for command execution or set points to the subcontrollers and for monitoring purposes. In this study, a simulation-based water pumping system is designed in the first phase, and in the second phase security is implemented during bytes multicasting transmission and evaluated through attack scenarios.

4.1. Multicasting Routing. In the SCADA/DNP3 testbed, bytes or frames are constructed in the DNP3 protocol stack and transmitted over the internet protocol (IP) via the user datagram protocol (UDP), which is situated below the DNP3 protocol; the transport control protocol (TCP) is used in the case of response bytes. In the testbed setup (Figure 2), seven subcontrollers are configured with the main controller or main node via four routers. The overall connectivity between the subcontrollers and the main controller is statically configured, meaning that all subcontrollers are known in advance, with the multicasting group IP 224.2.2.2, which avoids unknown entries during multicasting transmission. The routers R1, R2, R3, and R4 are also configured statically, having multicasting tables, while the main controller decides whether to delete or add node(s) from/to the multicasting group or/and multicasting table. A multicasting protocol, protocol independent multicast (PIM), has been used and configured, which sets up the directions, called the distribution tree, between the main controller and the subcontrollers of the SCADA multicasting group during the transmission of bytes, without setting the time to live (TTL) field. On the other side, the router "R1" connected with the main controller uses the Internet Group Management Protocol (IGMP) to identify the connected hosts within the SCADA network and also keeps track of the multicasting members, based on the main controller selection list. This means that each time the main controller transmits a message to the multicasting hosts or subcontrollers, the router lookup table is updated with the specified subcontrollers list via the main controller, and the remaining nodes in the table are voided by the router. All routers are configured statically with the specified subcontrollers, but the router "R1" connected directly with the main controller is updated each time based on the main controller's selection process for multicasting subcontrollers. When a router receives the multicasting packets according to the main controller selection process, the router forwards the packets to the subcontrollers of the multicasting group in the connected network(s).

[Figure 2: Testbed setup and configuration. Main controller behind router R1; routers R2, R3, and R4; subcontrollers RTU2, RTU3, RTU4, RTU5, RTU6, and RTU7; multicasting group 224.2.2.2.]

Table 1: New DNP3 stack with CDB bytes: the CDB contains 56 bytes and would be increased according to the byte requirements. The additional 32 bytes of CRC are dynamically added in the CDB from the data link layer. The CDB has a number of fields with distinct bytes, which are employed during security development [36].
Source address | Destination multicasting addresses
User bytes
Cryptography key sequence
Cryptography (bytes): dynamic storage (bytes)
Option (bytes) | Padding (dynamic bytes)
Acknowledgment
Noncritical (bytes) | Critical (bytes)
Solution: select method

5. Security Design and Implementation

The SCADA/DNP3 stack has been designed and security is deployed within each layer, including the application layer, pseudotransport layer, and data link layer; a new dynamic buffer, or cryptography dynamic buffer (CDB), is employed which keeps the information of the security implementation and other related detail. The CDB contains 56 bytes, which would be utilized during the whole security design and implementation. In Table 1, a field called "user bytes" is designated for those bytes which have been constructed in the DNP3 stack, while the other fields, including source address, destination multicasting addresses, cryptography key sequence, cryptography (bytes), dynamic storage (bytes), option (bytes), padding or dynamic bytes, acknowledgment, noncritical (bytes), critical (bytes), and solution or select method, belong to the CDB and perform distinct functions during security development [23, 36].

In Figure 3, each time a message has been multicast from the main controller to the subcontrollers or/and vice versa (in the case of a response, an acknowledgment message), security is deployed before transmitting to the open network, such that 3-way hashing using the SHA-2 algorithm is deployed at each layer, and symmetric encryption using the AES algorithm is deployed in the application layer and data link layer of the DNP3 protocol. This means that each subcontroller has two secret keys during security deployment, plus 3-way hashing. The performance that Figure 7 shows is the bytes allocation and utilization during message design and security deployment. The CDB contains 56 bytes, which have been utilized during security development and are enough for information storage, even in the case where the maximum bytes, or user bytes, of 1992 bytes are received from the user application layer by the lower layer of DNP3, without the use of the CRC (cyclic redundancy code) bytes from the data link layer. In a few experiments, the secret key is only employed on the data link layer frame or link protocol data unit (LPDU) bytes, not in the application layer. The corresponding performance results are significantly affected when compared with the first security deployment scenario. In the testbed, the link layer frame or LPDU bytes are encrypted, but in a few cases it is difficult to identify the main controller or/and subcontroller addresses. Therefore, two external fields, a 2-byte source address (unassigned) and a 4-byte destination multicasting address (unassigned), are added, which are meaningful in the identification process and in the authentication process of internal/external addresses during the decryption operation at the data link layer. Table 2 shows the detail of the CDB fields and their corresponding bytes.

[Figure 3: Security implementation within DNP3 stack. Sender side: user application layer (bytes) → application layer (APDU/APDUs bytes construction; encryption of APDU bytes using the AES key; hash of APDU bytes) → pseudotransport layer (TPDU/TPDUs bytes construction; hash of TPDU bytes) → data link layer (LPDU/LPDUs bytes construction; hash of LPDU bytes; encryption of LPDU bytes using the AES key) → physical layer (communication media). Receiver side: data link layer (decryption of LPDU bytes using the AES secret key; hash digest comparison) → pseudotransport layer (hash digest comparison) → application layer (decryption of APDU bytes using the AES secret key; hash digest comparison) → user application layer (bytes). The current study deploys a cryptography-based security solution against SCADA/DNP3 multicasting in security. Two cryptography algorithms, AES and SHA-2, are employed to compute the security tests of authentication, confidentiality, and integrity. The nonrepudiation test is a limitation of this study, due to transmission limitations. Public key cryptography is not appropriate for SCADA/DNP3 multicasting transmission but should be used in unicasting communication.]

In Figure 4, the SCADA/DNP3 stack is designed and bytes flow from the user application layer to the DNP3 application layer and downward. The DNP3 stack is designed to manage the maximum bytes which flow from the user application layer, that is, when the application layer buffer is full, 2048 bytes plus 56 bytes of CDB. The number of rows (RWs) and columns (CLs) with corresponding offsets shows the complete DNP logical stack with security bytes. The highlighted bytes in the DNP stack, the bytes 0x00c3 and 0x00c1, represent the application layer header bytes; the byte "0x001c" represents the pseudotransport layer header byte, and the bytes 0x00aa and 0x00cc represent the data link layer header bytes, while the remaining highlighted bytes, such as 0x001a, 0x00ee, 0x002a, and 0x00ee in the application layer stack, 0x002a and 0x00ee in the pseudotransport layer stack, and 0x001a, 0x00ee, 0x002a, and 0x00ee in the data link layer stack, represent the security bytes via the cryptography dynamic buffer (CDB). The remaining bytes in hexadecimal format represent the user bytes which are constructed in the DNP3 stack or each layer of the DNP3 stack, and the shaded area shows that the space is empty; this would be filled up in the case of 1992 user bytes constructed and manipulated in the application layer.

The message is distinguished at the application layer as either sending bytes or response bytes. In the application layer, a sending/response message is distinguished by the occupied bytes, meaning that the sending header contains two bytes and the response header contains the same fields as the sending header plus a two-byte field called internal indication (IIN).

Example. Suppose that the main controller wants to execute read/write commands, and the subcontroller(s) will respond by employing the IIN field, such that
Request: Read Function <C3 01>
Response: <C3 81 00 00>
Request: Write Function <C3 02>
Response: <C3 81 00 00>
The byte "C3" represents the application control (AC), and function code (FC) "01" is added for read (request) and function code (FC) "02" is added for write (request). On the other side, the internal indication (IIN) field contains two bytes, and the corresponding codes <00 00> are generated in the response, plus function code (FC) "81" in both cases, read and write.
Request: Cold Restart Function <C3 0D>
Response: <C3 81 00 00>
Request: Warm Restart Function <C3 0E>
Response: <C4 81 00 00>
In another example, the main controller wants to execute the cold restart and warm restart functions using the codes 0D and 0E. In response, the subcontrollers transmit the IIN codes <00 00>, plus function code (FC) "81" in both cases, but the AC code is different: "C3" in the case of cold restart and "C4" in the case of warm restart. In multicasting, each subcontroller responds with a distinct sequence number. The application control (AC) field contains a 5-bit subfield called sequence, plus 1 bit of confirmation. Therefore, each subcontroller responds to the main controller using a distinct sequence number, from 0 to 15.

The more concise flow of the SCADA/DNP3 system is illustrated in Figure 5. In the multicasting flow, DNP3 protocol bytes are constructed in each layer, and the corresponding functions are manipulated, followed by request and response messages [25, 37]. At the main controller side, a DNP3 request is generated and multicast to the remote terminal units (RTUs), following the multicasting group. Four remote terminal units (RTUs), RTU3, RTU4, RTU6, and RTU7, are depicted, which received the main controller's request message. In the response bytes flow, a response is generated by the RTUs and transmitted back to the main controller; in this scenario, unicasting communication is employed rather than multicasting. A number of examples are taken from SCADA/DNP3 transmission during the flow of request/response bytes and are visualized in Figure 6.

Table 2: CDB dynamic fields with allocated bytes.
Number | Field name | Occupied bytes | Description
1 | Source address and port | 2 bytes | External field representing the main controller address during multicasting transmission, or in the case of a response from each subcontroller
2 | Destination multicasting addresses and ports | 4 bytes | Representing the multicasting addresses of the selected subcontrollers
3 | User bytes | 2 bytes | Keep the information of the protocol constructed bytes
4 | Cryptography key sequence | 4 bytes | Cryptography keys are employed with distinct numbers and counted in this field
5 | Cryptography: dynamic storage | 22–56 bytes | Information is updated and bytes are dynamically in/out, according to the requirements
6 | Option | 2 bytes | Verify the contents of the message before transmission
7 | Padding | 2 bytes | Ensure and show the status of the completed message
8 | Acknowledgment | 2 bytes | Main controller/subcontroller acknowledgment message
9 | Critical | 1 byte | Show the status of an abnormal entity
10 | Noncritical | 1 byte | Ensure the bytes flow in normal transmission
11 | Solution: select method | 1 byte | Show the detail of the security method that is being used

Proof (security development). "$X$" denotes the application layer constructed bytes and "$\mu$" is a function that performs the encryption "Ey" on the bytes "$X$." The total constructed bytes from the application layer have been added to the cryptography dynamic buffer (CDB) "$b_{dy}$", and cryptography functions such as symmetric encryption "$\mathrm{Sym}_f$" using the AES algorithm and hashing "$H_f$" using SHA-2 are performed on the bytes. Upon receiving, the decryption function "Dy" is performed using the shared keys with the sender/receiver hash digests.

Application Layer. The encryption process is as follows:

$$\exists:\forall\mu^{AL}_{S}(m,H,E[k]) : \mathrm{Ey}^{AL}_{i\leftarrow u_{rb},\,E\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\exists:\forall X^{AL}_{\alpha}=\wedge\cdot\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\mu^{AL}_{S}\left(f_n : X^{AL}_{f}\rightarrow f_n\right)\right\}\,\Big\|\,f_n : f_n : X^{AL}_{b_{dy},\,f\rightarrow f_n}. \tag{1}$$

Application Layer. The decryption process is as follows:

$$\exists:\forall\mu^{AL}_{R}(m,H,E[k]) : \mathrm{Dy}^{AL}_{i\leftarrow u_{rb},\,D\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\mathrm{Ey}^{AL}_{i\leftarrow u_{rb},\,E\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\mu^{AL}_{S}\left(f_n : X^{AL}_{f}\rightarrow f_n\right)\right\}\right\}\,\Big\|\,f_n : f_n : X^{AL}_{b_{dy},\,f\rightarrow f_n}. \tag{2}$$

[Figure 4: Logical bytes flow in DNP3 stack (three hex-dump panels: APDU, TPDU, and LPDU with encryption bytes, rows RW0–RW9 against columns CL0–CLn at offsets 0x0000–0x0300, with source address, multicasting destination addresses, session, and the cryptography dynamic buffer (CDB) alongside, and UDP/IGMP multicasting bytes at the physical layer). The bytes are constructed according to SCADA/DNP3 protocol specifications, security is deployed, and the corresponding information is updated in the CDB. Each layer stack shows the maximum bytes, followed by the number of columns and rows. The shaded area shows that bytes are not placed, because limited bytes are received from the user application layer. Therefore, empty cells are shaded or treated as padding, by which the DNP3 protocol ensures that the message is completed, with the security implementation. However, a few bytes are reserved within each layer stack, which would be used for future developments.]

[Figure 5: SCADA/DNP3 communication: bytes flow during multicasting.]

"$Q$" denotes the pseudotransport layer constructed bytes and "$\alpha$" is a function that performs the hashing on the bytes "$Q$." The total constructed bytes from the pseudotransport layer have been added to the cryptography dynamic buffer (CDB), and the hashing function "$H_f$" using SHA-2 is performed on the bytes "$Q$." At the receiving side, the hash value is calculated, and the sender/receiver hash digests are compared, which verifies the integrity of the bytes.

Transport Layer. The encryption process is as follows:

$$H\left(\exists:\forall Q^{TL}_{\alpha}=\wedge\cdot\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\alpha^{TL}_{S}\left(f_n : Q^{TL}_{f}\rightarrow f_n\right)\right)\,\Big\|\,f_n : f_n : Q^{TL}_{b_{dy},\,f\rightarrow f_n}\in h_{\mathrm{digest}_S}. \tag{3}$$

Transport Layer. The decryption process is as follows:

$$H\left(\exists:\forall Q^{TL}_{\alpha}=\wedge\cdot\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\alpha^{TL}_{S}\left(f_n : Q^{TL}_{f}\rightarrow f_n\right)\right)\,\Big\|\,f_n : f_n : Q^{TL}_{b_{dy},\,f\rightarrow f_n}\in h_{\mathrm{digest}_S} = H\left(\exists:\forall Q^{TL}_{\alpha}=\wedge\cdot\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\alpha^{TL}_{R}\left(f_n : Q^{TL}_{f}\rightarrow f_n\right)\right)\,\Big\|\,f_n : f_n : Q^{TL}_{b_{dy},\,f\rightarrow f_n}\in h_{\mathrm{digest}_R}, \tag{4}$$

equal hash values.

"$J$" denotes the data link layer constructed bytes and "$\beta$" is a function that performs the encryption "Ey" on the bytes "$J$." The total constructed bytes from the data link layer have been added to the cryptography dynamic buffer (CDB), and cryptography functions such as symmetric encryption "$\mathrm{Sym}_f$" using the AES algorithm and hashing "$H_f$" using SHA-2 are performed on the bytes. Upon receiving, the decryption function "Dy" is performed using the shared keys with the sender/receiver hash digests.

Data Link Layer. The encryption process is as follows:

$$\exists:\forall\beta^{DL}_{S}(m,H,E[k]) : \mathrm{Ey}^{DL}_{i\leftarrow u_{rb},\,E\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\exists:\forall J^{DL}_{\alpha}=\wedge\cdot\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\beta^{DL}_{S}\left(f_n : J^{AL}_{f}\rightarrow f_n\right)\right\}\,\Big\|\,f_n : f_n : J^{DL}_{b_{dy},\,f\rightarrow f_n}. \tag{5}$$

Data Link Layer. The decryption process is as follows:

$$\exists:\forall\beta^{DL}_{R}(m,H,E[k]) : \mathrm{Dy}^{DL}_{i\leftarrow u_{rb},\,D\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\mathrm{Ey}^{DL}_{i\leftarrow u_{rb},\,E\rightarrow\mathrm{Sym}_f,\,H\rightarrow H_f}\left\{\sum_{i\leftarrow u_{rb},\,f\rightarrow f_n}^{\lim\leftarrow k}\exists:\forall\beta^{DL}_{S}\left(f_n : J^{AL}_{f}\rightarrow f_n\right)\right\}\right\}\,\Big\|\,f_n : f_n : J^{DL}_{b_{dy},\,f\rightarrow f_n}. \tag{6}$$

[Figure 6: SCADA/DNP3 communication: bytes flow during request/response messages.]

6. Performance Evaluation and Comparison

A number of testbed experiments have been run, and 94 experiments are individually selected to perform each security test.
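The request/response headers of the example in Section 5 (C3 01, C3 81 00 00, C3 0D, C4 81 00 00), decoded and rebuilt in Go as an added example that is not code from the paper: the application control octet is split with the standard DNP3 layout (FIR, FIN, CON, UNS and a 4-bit sequence, so C3 and C4 differ only in sequence), a response is rejected unless it carries its two IIN octets, and the function code and IIN bit names are the standard ones rather than values taken from the paper's testbed.

```go
package main

import (
	"errors"
	"fmt"
)

// Function codes used in the paper's request/response examples (values as in
// the DNP3 / IEEE 1815 specification).
const (
	FcRead        = 0x01
	FcWrite       = 0x02
	FcColdRestart = 0x0D
	FcWarmRestart = 0x0E
	FcResponse    = 0x81
)

// AppHeader is a decoded DNP3 application layer header. The application
// control octet is split per the standard layout: FIR (bit 7), FIN (bit 6),
// CON (bit 5), UNS (bit 4) and a 4-bit sequence number (bits 3..0), so
// 0xC3 is a single-fragment message with sequence 3 and 0xC4 sequence 4.
type AppHeader struct {
	First, Final, Confirm, Unsolicited bool
	Seq                                uint8
	Function                           uint8
	IIN                                uint16 // internal indications, responses only
}

// ParseAppHeader decodes the two request octets or the four response octets,
// e.g. C3 01 (read request) and C3 81 00 00 (response, IIN clear).
func ParseAppHeader(b []byte) (AppHeader, error) {
	if len(b) < 2 {
		return AppHeader{}, errors.New("APDU shorter than control + function code")
	}
	ac := b[0]
	h := AppHeader{
		First:       ac&0x80 != 0,
		Final:       ac&0x40 != 0,
		Confirm:     ac&0x20 != 0,
		Unsolicited: ac&0x10 != 0,
		Seq:         ac & 0x0F,
		Function:    b[1],
	}
	if h.Function == FcResponse {
		// A response header carries the two IIN octets; without them the
		// master cannot tell whether the outstation flagged a problem.
		if len(b) < 4 {
			return AppHeader{}, errors.New("response without IIN field")
		}
		h.IIN = uint16(b[2])<<8 | uint16(b[3])
	}
	return h, nil
}

// IINFlags names the internal indication bits a master acts on; IIN1 is the
// high octet and IIN2 the low octet of the packed value.
func IINFlags(iin uint16) []string {
	var f []string
	if iin&0x0100 != 0 {
		f = append(f, "broadcast message received")
	}
	if iin&0x8000 != 0 {
		f = append(f, "device restart")
	}
	if iin&0x0001 != 0 {
		f = append(f, "function code not supported")
	}
	return f
}

// BuildRequest produces a single-fragment request (FIR and FIN set),
// e.g. BuildRequest(3, FcRead) -> C3 01.
func BuildRequest(seq uint8, fc uint8) []byte {
	return []byte{0xC0 | (seq & 0x0F), fc}
}

// BuildResponse produces the outstation reply header carrying the IIN octets.
func BuildResponse(seq uint8, iin uint16) []byte {
	return []byte{0xC0 | (seq & 0x0F), FcResponse, byte(iin >> 8), byte(iin)}
}

func main() {
	// The four headers below are the paper's own example values.
	for _, raw := range [][]byte{{0xC3, 0x01}, {0xC3, 0x81, 0x00, 0x00}, {0xC3, 0x0E}, {0xC4, 0x81, 0x00, 0x00}} {
		h, err := ParseAppHeader(raw)
		fmt.Printf("% X -> %+v err=%v\n", raw, h, err)
	}
}
```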
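The per-layer security of Figure 3 and equations (1)–(6), written as an added Go example for this edit rather than code from the paper: the sender hashes and AES-encrypts the APDU, hashes the TPDU, and hashes and AES-encrypts the LPDU, and the receiver unwraps in reverse, dropping the frame at the first layer whose digest comparison fails. Assumed here, because the paper does not state them: AES in CTR mode with a fresh random IV, and an HMAC-SHA-256 digest keyed with a shared DigestKey in place of the paper's plain SHA-2 digest; the CDB fields and the DNP3 transport/link headers are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// LayerKeys: two AES keys per subcontroller as in the paper, plus an HMAC key (assumption).
type LayerKeys struct {
	AppKey, LinkKey []byte // AES keys (16, 24 or 32 bytes)
	DigestKey       []byte // HMAC-SHA-256 key (assumption, not in the paper)
}

// ctrXOR applies AES-CTR (mode assumed; the paper names only AES) under key/iv.
func ctrXOR(key, iv, src []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(out, src)
	return out, nil
}

func digest(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// sealLayer: bytes || digest, then (if encKey != nil) iv || AES-CTR of that; nil key = hash only.
func sealLayer(payload, digestKey, encKey []byte) ([]byte, error) {
	sealed := append(append([]byte{}, payload...), digest(digestKey, payload)...)
	if encKey == nil {
		return sealed, nil
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct, err := ctrXOR(encKey, iv, sealed)
	if err != nil {
		return nil, err
	}
	return append(iv, ct...), nil
}

// openLayer reverses sealLayer; a digest mismatch rejects the layer's bytes.
func openLayer(data, digestKey, encKey []byte) ([]byte, error) {
	if encKey != nil {
		if len(data) < aes.BlockSize {
			return nil, errors.New("frame shorter than IV")
		}
		var err error
		if data, err = ctrXOR(encKey, data[:aes.BlockSize], data[aes.BlockSize:]); err != nil {
			return nil, err
		}
	}
	if len(data) < sha256.Size {
		return nil, errors.New("frame shorter than digest")
	}
	payload, got := data[:len(data)-sha256.Size], data[len(data)-sha256.Size:]
	if !hmac.Equal(got, digest(digestKey, payload)) {
		return nil, errors.New("digest mismatch: bytes rejected")
	}
	return payload, nil
}

// SenderStack wraps top-down: AES+digest (APDU), digest (TPDU), AES+digest (LPDU).
func SenderStack(k LayerKeys, apdu []byte) ([]byte, error) {
	out, err := apdu, error(nil)
	for _, enc := range [][]byte{k.AppKey, nil, k.LinkKey} {
		if out, err = sealLayer(out, k.DigestKey, enc); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// ReceiverStack unwraps bottom-up and stops at the first layer that fails.
func ReceiverStack(k LayerKeys, frame []byte) ([]byte, error) {
	out, err := frame, error(nil)
	for _, enc := range [][]byte{k.LinkKey, nil, k.AppKey} {
		if out, err = openLayer(out, k.DigestKey, enc); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	k := LayerKeys{AppKey: make([]byte, 16), LinkKey: make([]byte, 16), DigestKey: []byte("demo")}
	frame, _ := SenderStack(k, []byte{0xC3, 0x01}) // constructed read-request header
	_, err := ReceiverStack(k, frame)
	println("frame bytes:", len(frame), "accepted:", err == nil)
}
```

A tampered or truncated frame, or one unwrapped under the wrong application key, is rejected before any APDU bytes reach the application.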
Of the 94 experiments, 12 experiments are employed and specified for the acknowledgment required from the subcontrollers, 2 experiments are used to check transmission errors and flow, 4 experiments are used and specified for the acknowledgment required from the main controller, and the remaining 76 experiments are used to perform measurements.

The comparison process of the computed performance results involves two basic phases: total attack detection percentages (which are based on the fully detected attacks percentage and the partially detected attacks percentage) and total attack impact percentage. As visualized in the performance Figure 14, the total attack detection is 11%, by addition of the fully and partially detected attack percentages, in the case of SCADA/DNP3 stack security, and the total attack percentage increases up to 28% in the case of SCADA/DNP3 end-to-end security.

[Figure 7: DNP3 stack with CDB bytes allocation and utilization (x-axis: number of experiments; y-axis: random bytes; series: application layer bytes, pseudotransport layer bytes, data link layer bytes, CDB bytes; communication: normal; type: multicasting; protocol: SCADA/DNP3). The successful experiments are performed 76 times and the level of bytes is computed from the total allocation and utilization of bytes. As shown on the y-axis, random bytes are transmitted from the master controller to the subcontroller(s). The blue lines show the bytes utilized during application layer message construction, red lines show the pseudotransport layer bytes, and light green lines show the data link layer bytes, while purple lines are the CDB bytes, which are dynamically computed for the protocol by means of padding, plus the original CDB bytes.]

[Figure 8: Attack detection against SCADA/DNP3 stack security (x-axis: number of experiments; y-axis: random bytes; series: RTU3, RTU4, RTU6, RTU7; legend: normal/abnormal communication, authentication attacks, confidentiality attacks, integrity attacks, successful communication; security: DNP3 (within); type: multicasting). The attacks, including authentication attacks (guessing the shared key, brute force, and password guessing, using built-in attacking tools such as cracking tools, sniffer, dsniff, winsniffer, and password dictionary), integrity attacks (frame injection, data replay, and data deletion, using attacking tools such as airpwn, file2air, dinject/reinject, capture and injection tools, and jamming and injection tools), and confidentiality attacks (eavesdropping, key cracking, and man-in-the-middle, using attacking tools such as ethereal, ettercap, kismet, aircrack, airsnort, dsniff, and ettercap), are launched 282 times; 94 experiments are selected (or sampled) to verify each security test, such as authentication, integrity, and confidentiality, through the level of attack detection. The attacks presented by colored markers show the successful detection of attacks. The green flowed lines show the normal transmission during bytes multicast from the main controller; in between, attacks are detected, and then the bytes follow the normal sequence. On the x-axis, 94 experiments are sampled (or collected) from the total experiments, which showed the most approximate performances, and the sequence 1 to 94 is used. A total of 18 experiments are not labeled because these experiments are used for special purposes.]

[Figure 9: Attack detection (partially) against SCADA/DNP3 stack security (x-axis: number of experiments; y-axis: random bytes; series: RTU3, RTU4, RTU6, RTU7; legend: normal/abnormal communication, authentication attacks, confidentiality attacks, integrity attacks, successful communication; security: DNP3 (within); type: multicasting; results: partial test). These are attacks which are detected during abnormal communication but whose influence is minimal or, in other words, few bytes are intercepted in the whole packet. The attacks are counted, so we designate these attacks as partially detected attacks. The number of experiments labeled on the x-axis is the same as the Figure 8 experiments, with the same data rates but distinct attack locations. The partially detected attacks are separately graphed, which shows the difference from the fully detected attacks (in Figure 8).]