DOI QR코드

DOI QR Code

SDN based Discrimination Mechanism for Control Command of Industrial Control System

SDN 기반 산업제어시스템 제어명령 판별 메커니즘

  • Cho, Minjeong (Department of Computer Science and Engineering, Seoul National University of Science and Technology) ;
  • Seok, Byoungjin (Department of Computer Science and Engineering, Seoul National University of Science and Technology) ;
  • Kim, Yeog (Research Institute of Electric and Information Technology, Seoul National University of Science and Technology) ;
  • Lee, Changhoon (Department of Computer Science and Engineering, Seoul National University of Science and Technology)
  • 조민정 (서울과학기술대학교 컴퓨터공학과) ;
  • 석병진 (서울과학기술대학교 컴퓨터공학과) ;
  • 김역 (서울과학기술대학교 전기정보기술연구소) ;
  • 이창훈 (서울과학기술대학교 컴퓨터공학과)
  • Received : 2018.05.20
  • Accepted : 2018.06.25
  • Published : 2018.06.30

Abstract

Industrial Control System (ICS) is a system that carry out monitoring and controls of industrial control process and is applied in infrastructure such as water, power, and gas. Recently, cyber attacks such as Brutal Kangaroo, Emotional Simian, and Stuxnet 3.0 have been continuously increasing in ICS, and these security risks cause damage of human life and massive financial losses. Attacks on the control layer among the attack methods for ICS can malfunction devices of the field device layer by manipulating control commands. Therefore, in this paper, we propose a mechanism that apply the SDN between the control layer and the field device layer in the industrial control system and to determine whether the control command is legitimate or not and we show simulation results on a simply composed control system.

산업제어시스템(ICS, Industrial Control System)은 산업 분야 제어 공정에 대한 감시와 제어를 수행하는 시스템을 말하며 수도, 전력, 가스 등 기반시설에서 응용되고 있다. 최근 ICS에 대해 Brutal Kangaroo, Emotional Simian, stuxnet 3.0 등 사이버공격이 지속적으로 증가하고 있고 이와 같은 보안위험은 인명피해나 막대한 금전적 손실을 초래한다. ICS에 대한 공격 방법 중 제어계층에 대한 공격은 제어명령을 조작해 현장장치계층의 장치를 오작동하게 하는 것이다. 따라서, 본 논문에서는 이에 대한 대응으로 산업제어시스템에서 제어계층과 현장장치 계층사이에 SDN을 적용해서 제어명령의 정상 여부를 판별하는 메커니즘을 제안하고 가상의 제어시스템을 구성해 시뮬레이션 결과를 소개한다.

Keywords

Acknowledgement

Grant : 원전 비안전등급 제어기기(DCS) 사이버침해 예방 및 탐지 기술 개발

Supported by : 한국에너지기술평가원(KETEP)

References

  1. K. Stouffer, J. Falce, K. Scarfone, "revision2: Guide to industrial control systems(ICS) security", NIST Special Publication, 800-82, 2014.
  2. Wikileak. Transferring Data Using NTFS Alternate Data Streams (DTNtfsAds_BK - Brutal Kangaroo). Available: https://wikileaks.org/ciav7p1/cms/page_13763236.html
  3. Wikileak. Emotional Simian v2.3 - User Guide. Available: https://wikileaks.org/vault7/document/Emotional_Simianv2_3-User_Guide/
  4. "Security Requirements for Industrial Control System - Part1: Concepts and Reference Model", Telecommunications Technology Association, TTAK.KO-12.0307, 2017.
  5. boannews. ICS / SCADA security, if not done properly, loses public trust. Available : http://www.boannews.com/media/view.asp?idx=66747&kind=3
  6. USA TODAY, AP Exclusive: Israeli tunnel hit by cyber attack. Available: https://www.usatoday.com/story/tech/2013/10/27/ap-exclusive-israeli-tunnel-hit-by-cyber-attack/3281133/
  7. 2016 ICS Vulnerability Trend Report. FireEye, 2016
  8. Alsiherov, F., & Kim, T. "Research trend on secure SCADA network technology and methods.", WSEAS Transactions on Systems and Control, Vol. 8, No. 5, pp 635-645.2010.
  9. Mahmood, A. N., Leckie, C., Hu, J., Tari, Z., & Atiquzzaman, M. "Network traffic analysis and SCADA security". In Handbook of Information and Communication Security, Springer, Berlin, Heidelberg. pp. 383-405. 2010.
  10. Sajid, A., Abbas, H., & Saleem, K. "Cloud-assisted iot-based scada systems security: A review of the state of the art and future challenges.", IEEE Access, Vol. 4, pp 1375-1384, 2016. https://doi.org/10.1109/ACCESS.2016.2549047
  11. B.J. Seok, Y. Kim, C. H. Lee, "A Study on Application Method of Crypto-module for Industrial Control System" Journal of Digital Contents Society, Vol. 18, No. 5 pp.1001-1008, Aug 2017. https://doi.org/10.9728/DCS.2017.18.5.1001
  12. Drias, Z., Serhrouchni, A., & Vogel, O.. "Analysis of cyber security for industrial control systems.", In Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on IEEE, pp. 1-8, 2015, August
  13. Fan, X., Fan, K., Wang, Y., & Zhou, R. "Overview of cyber-security of industrial control system." In Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on. IEEE, pp. 1-7. 2015.
  14. S. H. Kang, Y. H. Kim, S. H. Yang, "SDN core technology and evolution forecast analysis". Information & Communications Magazine, Vol. 30, No.3, pp3-8, 2013
  15. Piedrahita, A. F. M., Gaur, V., Giraldo, J., Cardenas, A. A., & Rueda, S. J. "Leveraging Software-Defined Networking for Incident Response in Industrial Control Systems.", IEEE Software, Vol. 35, NO. 1, pp. 44-50, 2018.
  16. da Silva, E. G., Knob, L. A. D., Wickboldt, J. A., Gaspary, L. P., Granville, L. Z., & Schaeffer-Filho, A. "Capitalizing on SDN-based SCADA systems: An anti-eavesdropping case-study", In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on IEEE. pp. 165-173, 2015, May.
  17. Karnouskos, S. "Stuxnet worm impact on industrial cyber-physical system security." In IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society IEEE, pp. 4490-4494, 2011, November.