Design and Implementation of a Secure Modbus Protocol

@inproceedings{Fovino2009DesignAI,
  title={Design and Implementation of a Secure Modbus Protocol},
  author={Igor Nai Fovino and Andrea Carcano and Marcelo Masera and Alberto Trombetta},
  booktitle={Critical Infrastructure Protection},
  year={2009}
}

The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA…

Security Vulnerabilities Of Scada Communication Protocols
TLDR: Security of SCADA systems, communication protocols and proposed methods to enhance the security of these protocols are reviewed.
Secure Cryptography Testbed Implementation for SCADA Protocols Security
TLDR: The two proposed cryptography solutions have been implemented within the communication of the Modbus protocol and the IEC 60870-5-104 protocol as part of a SCADA system, and performance results are measured during normal and abnormal communication.
Securing SCADA Applications Using OpenPLC With End-To-End Encryption
TLDR: Experimental results indicated that the encryption layer, which was modified to encrypt all data sent over the network independently of the protocol used, increased the security of the link without causing a significant overhead.
Secure process control system of industrial networks
TLDR: An HMAC-based digital signature method was proposed to realize control code verification, and two active/passive schemes were proposed to monitor controller devices.
Enforcing End-to-End Security in Scada Systems via Application-Level Cryptography
TLDR: This chapter shows that, despite the modest computational resources of modern programmable logic controllers, it is possible to develop efficient cryptographic applications that enforce several data security properties in the application layer.
Security Enhancement Mechanism of Modbus TCP Protocol
TLDR: The Modbus-E protocol can prevent authentication, man-in-the-middle and replay attacks on instructions by an attacker and can comprehensively improve the security of Modbus TCP communication.
Formal Analysis of Security Properties on the OPC-UA SCADA Protocol
TLDR: This paper formally studies the security of one of the most used industrial protocols, OPC-UA, using ProVerif, a well-known cryptographic protocol verification tool; it finds several attacks on the protocol and provides countermeasures.
A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics
TLDR: This survey provides an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols, and carries out an extensive review of the security proposals and tactics that aim to secure SCADA systems.
Implementation of Secure Communication With Modbus and Transport Layer Security protocols
TLDR: This paper addresses the security problems of the Modbus protocol, proposing a new secure version based on the Transport Layer Security protocol, which achieves request/response times well below the 16.67 ms period of the 60 Hz power grid cycle, revealing a negligible impact in power grid applications.
Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information
TLDR: A new security design was developed for the MODBUS protocol, which was considered to offer phenomenal performance for future development and enhancement of real IT infrastructure and is considered to be a complete development.

References

SHOWING 1-10 OF 24 REFERENCES
Security Strategies for SCADA Networks
TLDR: Two strategies for securing SCADA networks are described, both of which have been implemented in a laboratory-scale Modbus network and which utilize a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards.
Low-Latency Cryptographic Protection for SCADA Communications
TLDR: A retrofit solution to protect existing SCADA communications links must assure the integrity of commands and responses that are typically transmitted over serial lines at speeds from 300 to 19200 bits per second, while introducing minimal additional latency into the real-time SCADA traffic.
Scada Malware, a Proof of Concept
TLDR: This paper presents a proof of concept of the potential effects, on a typical Supervisory Control and Data Acquisition system, of a set of computer malware specifically designed and created to have an impact by taking advantage of some vulnerabilities of the Modbus protocol.
Attack taxonomies for the Modbus protocols
A Security Mechanism for Automation Control in PLC-based Networks
TLDR: To prove the necessity and the efficiency of the proposed security mechanism, an automation metering system is organized, and the encryption, key generation and authentication algorithms for automation systems in PLC-based networks are proposed.
Industrial cybersecurity for a power system and SCADA networks - Be secure
TLDR: An overview of the security vulnerabilities of today's industrial control networks is presented, showing how existing systems are vulnerable but can be secured and how future systems can be made secure from the start.
Data Object Based Security for DNP3 Over TCP/IP for Increased Utility Commercial Aspects Security
TLDR: A new efficient cyber-security scheme, specifically designed for DNP3 at its interface with TCP/IP to augment utility commercial security capability, is proposed.
DNPSec: Distributed Network Protocol Version 3 (DNP3) Security Framework
TLDR: A new Distributed Network Protocol Version 3 Security (DNPSec) framework is recommended to enable confidentiality, integrity, and authenticity placed directly in DNP3, with a minimum performance impact on the communication link.
BACnet wide area network security threat assessment
TLDR: While BACnet provides a means for device communication over an IP network using BACnet/IP, there is still no available implementation of the BACnet standard's Clause 24 security features.
Effects of intentional threats to power substation control systems
TLDR: A simulation of cyber attacks conducted in the CESI RICERCA laboratory testbed on a prototypical substation control infrastructure, with the purpose of testing their feasibility and illustrating their impact on the control system services, is described.