http://dx.doi.org/10.13089/JKIISC.2015.25.6.1455

Advanced protocol against MITM attacks in Industrial Control System  

Ko, Moo-seong (Korea University, Graduate School of Information Security)
Oh, Sang-kyo (Korea University, Graduate School of Information Security)
Lee, Kyung-ho (Korea University, Graduate School of Information Security)
Abstract
If an industrial control system is infected by a malicious worm such as Stuxnet, a national disaster could inevitably result. Most industrial control system defenses therefore focus on network intrusion detection to protect against these threats. The conventional method is effective at monitoring network traffic and detecting anomalous patterns, but attacks that use MITM techniques and produce normal traffic patterns are difficult to detect. This study analyzes the PROFINET/DCP protocol and its weaknesses using data collected in a real industrial control system. It then adds an authentication data field to secure the protocol and examines its applicability. The improved protocol may prevent national disaster and defend against MITM attacks.
Keywords
SCADA; ICS; Protocol; DNPSec; PROFINET; DCP; MITM;
Citations & Related Records
Times Cited By KSCI: 2