SCADA security: a review and enhancement for DNP3 based ... · SCADA security: a review and...
Transcript of SCADA security: a review and enhancement for DNP3 based ... · SCADA security: a review and...
ORIGINAL RESEARCH
SCADA security: a review and enhancement for DNP3 basedsystems
Peeyush Jain • Paritosh Tripathi
Received: 30 October 2012 / Accepted: 16 August 2013 / Published online: 3 October 2013
� CSI Publications 2013
Abstract Supervisory control and data acquisition
(SCADA) systems are large-scale industrial control sys-
tems often spread across geographically dispersed locations
that let human operators control entire physical systems,
from a single control room. Early multi-site SCADA sys-
tems used closed networks and propriety industrial com-
munication protocols like Modbus, DNP3 etc to reach
remote sites. But with time it has become more convenient
and more cost-effective to connect them to the Internet.
However, internet connections to SCADA systems build in
new vulnerabilities, as SCADA systems were not designed
with internet security in mind. This can become matter of
national security if these systems are power plants, water
treatment facilities, or other pieces of critical infrastructure.
Compared to IT systems, SCADA systems have a higher
requirement concerning reliability, latency and uptime, so
it is not always feasible to apply IT security measures
deployed in IT systems. This paper provides an overview
of security issues and threats in SCADA networks. Next,
attention is focused on security assessment of the SCADA.
This is followed by an overview of relevant SCADA
security solutions. Finally we propose our security solution
approach which is embedded in bump-in-the-wire is
discussed.
Keywords SCADA security � Vulnerabilities �IDS � Key management
1 Introduction
Critical infrastructure is basically cyber-physical systems
(CPS) with embedded computing systems and communi-
cation capabilities at one side and the physical system at
the other. SCADA is a communication technology scheme
for collecting data from distant facilities and also control-
ling them. SCADA system allows an operator to make set
point changes on distant process controllers, to monitor
alarms and to gather measurement information from a
remote location. SCADA systems are composed of three
components, remote terminal units (RTU) to collect data
from remote sensors and devices, Master station with
human machine interface (HMI) for monitoring and con-
trolling and communication Infrastructure for connecting
the various components of the SCADA.
The benefits of using the Internet technology to carry
SCADA communications come at the cost of compromised
security since the data over the Internet can be an easy target
for an attack [1–6]. To make the situation more challenging,
industrial communication protocols like DNP3 [7], and most
other SCADA protocols [8, 9], have no built-in security
feature such as message authentication, which assures that a
party to some computerized transaction is not an impostor.
Various threats that these protocols face include eaves-
dropping, man-in-the-middle attack (in which a malicious
hacker not only listens to the messages between two
unsuspecting parties but can also modify, delete, and replay
the messages), spoof and replay (an attack that attempts to
trick the system by retransmitting a legitimate message),
unauthorized access either by human (intentionally or acci-
dentally) or by specialized software. The other possibilities
of attacks are due to the fact that function codes and mes-
sage flags in different SCADA protocols can be manipulated
[10]. This causes violation of integrity, confidentiality and
P. Jain (&) � P. Tripathi
Centre for Development of Advanced Computing, Gulmohar
Cross Road No. 9, Juhu, Mumbai, India
e-mail: [email protected]
P. Tripathi
e-mail: [email protected]
123
CSIT (December 2013) 1(4):301–308
DOI 10.1007/s40012-013-0024-2
improper commands for RTUs, etc. Anybody can control a
SCADA device with injection of malicious packets into the
network. Denial of service (DoS) attacks, deleting system
files, planting a trojan to control the system, modifying any
logged data in remote database system and IP Spoofing are
other possible threats to SCADA systems [11]. These threats
may lead to shutting down operations, data loss, gaining
complete control and defaming etc [6, 12].
The security models developed for IT systems may not
suit the security requirements of SCADA systems. SCADA
systems have many characteristics that differ from IT
systems, including different risks and priorities. Some of
these include performance, availability, time-critical
responses, resource constraints, communication, system
operation, access to components. For SCADA systems,
availability is top most priority followed by confidentiality
and integrity. For IT systems, confidentiality is top most
priority followed by integrity and availability. The key
technical challenges revolve around the limitations of what
can be installed and configured on the SCADA systems and
the technical limitations of other components within the
SCADA environment [13]. These constraints should be a
basic consideration for applying a security mechanism.
– Limited computational capacity: The RTUs have very
low computational power.
– Limited space capacity: Memory of RTUs is usually
quite low.
– Low bandwidth: The data transmission rate for SCADA
systems is low.
– Real-time processing: Transmission and processing of
data in SCADA systems should be timely. Otherwise it
may cause latency problems.
2 Related work
Lot of work has been reported in the scientific community
about SCADA security [14, 15]. Some of them have
explored cryptographic primitives while others have
explored intrusion detection or a combination of these two.
There have been many guidelines laid down for securing
SCADA systems from agencies like NIST, NERC etc on
things like secure access control, network security policy
etc for critical infrastructure. Sandia National Laboratories
proposed a cryptographic key management and key
establishment approach for SCADA (SKE) [16] in 2002.
This scheme uses CA for handling key management and
distribution in an automatic fashion. All keys used are of
128 bit in length. RTU to RTU communication is not
possible in this mechanism. Also it does not support
broadcast and multicast communication. Information
Security Institute [17] proposed architecture for SCADA
systems (SKMA) where a new entity ’key distribution
center (KDC)’ came into picture, which is used to maintain
long term keys for every node. KDC also contains infor-
mation regarding the system structure, and allows or denies
the key establishment requests; while doing this role; it
supports the distribution of keys. Donghyun Choi and co-
authors [18] also proposed his approach which supports
multicast and broadcast with an additional computation at
run time at MTU side. The approach provides multicasting
in a limited fashion. For distribution of key, the approach
uses a KDC, which constructs logical key structure and
uses Iolus framework. Simple public key infrastructure
(SPKI) was developed starting in 1995. Simple distributed
security infrastructure (SDSI) is a new design for a public
key infrastructure, designed by members of LCS’s Cryp-
tography and Information Security research group [11].
The wireless sensor networks (WSN) have intelligent
distributed control capabilities, and the capability to work
under severe conditions, so some of the schemes of this
area may be useful for securing SCADA systems, as PKI. It
uses public key encryption only for some specific tasks as
session key setup between the base station and sensors
giving the network an acceptable threshold of confidenti-
ality and authentication. PKI only implements a subset of a
PKI services.
A number of key establishment protocols based on pre-
distribution are explored, but they do not scale effectively
to large networks. For a given level of security each pro-
tocol incurs a linearly increasing overhead in either com-
munication cost per node or memory per node or both.
These symmetric key based schemes are computationally
efficient; the trade-off has to be paid for complicated key
pre-distribution and key management. In particular, the
public key cryptography, symmetric key encryption and the
addition of SKE-based key management will likely make
strong security a more realistic expectation in the future.
We also expect that the hardware of SCADA will be
improved so that it can be suitable for the application of
cryptography.
Intrusion detection is defined as the process of moni-
toring the events occurring in a computer system or net-
work and analyzing them for signs of possible incidents,
which are violations or imminent threats of violation of
computer security policies, acceptable use policies or
standard security practices [19, 20]. Two major approaches
of intrusion detection are signature based and anomaly
based. The signature detection matches traffic to a known
misuse pattern while the anomaly detection works on the
abnormalities in the observed data. There are other meth-
ods which fall between the two approaches like probabi-
listic based and specification based [21]. One embeds
probabilistic modelling while the other allowable system
traffic patterns. Misuse based detection methods have
302 CSIT (December 2013) 1(4):301–308
123
reached a saturation point, most of the current research has
been in writing signatures or enhancements of signature
matching using state machines (regex). Generating good
signatures requires extensive study and in-depth vulnera-
bility assessment of the system which is a tedious task in
itself. We have come across [22] which provide signatures
for SCADA specific IDS though. Lot of research has been
going on in anomaly based detections [23, 24]. Zhu and
Sastry [21] give a very detailed outlook of IDS for SCA-
DA. Recently it has been observed that two types of
approaches state based intrusion detection and its
enhancements [25, 26] and model based security [27, 28] is
what the research community is majorly focusing on. Both
the approaches require the real system to be represented
and updated as per changes that take place in the real
network. In state based approach, the representation is in
form of tag, value pairs for each PLC/RTU which these
units are sensing. The idea is to define critical state on
predicates of these tag value pairs. One of most important
advantage that has been suggested is to identify critical
state even if licit commands are sent but their combined
effect is catastrophic. In the model based approach the real
system is represented as cyber-physical system. To depict
such a system, researchers use available simulator [29] for
the physical part and protocol adaptors for the cyber part.
This CPS can then be used to observe effect of commands
on real network by first executing them on the simulated
environment and if found threatening, generating alerts.
Most of work that has been explored does not provide
clarity on how bad data injection [30] would be tackled. As
obvious signature based approaches are too dependent on
regular update of signatures and anomaly based on training
data for intrusion detection. In case of model based
approach defining accurate models and false alarms may
become challenging.
3 Security solution
To meet the challenges discussed in the previous section, we
propose an integrated security framework for power sys-
tems. The proposed solution is a bump in the wire which
consists of key distribution, encryption–decryption, and
intrusion detection. This solution caters to data security at
communication channel and an independent method of
verification of the responses from power system for intrusion
detection. The proposed security solution architecture is
shown in the Fig. 1 and implementation of our bump-in-the-
wire solution in SCADA system is shown in Fig. 2. As
shown in Fig. 2 the key will be distributed at the time of
installation of bump-in-the-wire between the MTU and RTU
at both sides, then it will be automatically revoked period-
ically using our key distribution protocol (Sec-KeyD). To
explain the data flow through our security solution we
consider data flow from MTU to RTU. When MTU has to
send some commands it will pass through bump-in-the-wire
at MTU side. Bump-in-the-wire contains a protocol hard-
ening solution i.e. Flexi-DNPSec [31], which converts
DNP3 packets into new format, called as Flexi-DNPSec
packets. This conversion helps to integrate our key man-
agement solution with it because DNP3 doesnt provide such
facility. Now Flexi-DNPSec protocol have the key man-
agement features i.e. key generation, key distribution, stor-
age, automatic key revocation and encryption/decryption
using our key distribution and key management scheme.
When data passes through bump-in-the-wire device,
encryption of the coming data will take place using the same
key that has been exchanged initially. Then encrypted data
will traverse the network and will be captured at the RTU
side and decrypted using the same key. Once the data is
decrypted, it will re-converted into DNP3 packets. A copy of
it will be passed to the IDS. IDS uses an extended finite state
machine (EFSM) for state transition and event recognition
for DNP3, based on the specifications developed. The
specifications are developed for function codes, object
headers, qualifiers etc part of the DNP3 protocol header to
characterize the expected behavior of network under pur-
view. In the proposed approach the specifications developed
is used for validation in a given message so as to extract any
anomaly in the message. In case of any anomaly detected,
the IDS will respond with an alert message to its corre-
sponding substation. The same will be communicated to
MTU. For encryption–decryption we are using Blowfish.
The detail working of components of our security solution
will be discussed in subsequent sections.
3.1 Security solution components
3.1.1 Intrusion detection
Sekar et al. [32] introduced a category of specification-
based intrusion detection. Specification-based approach
takes the manual development of a specification that
captures legitimate system behaviour and detects any
deviation thereof. This approach can detect unknown
attacks with low false alarm rate. In a narrow sense,
specification-based anomaly detection means looking for
behaviour in network traffic that is peculiar in terms of the
specification for the protocol the traffic is using. In this
case, detection is interested in syntax violation. In a
broader sense, the term could mean applying anomaly
detection on the semantics of traffic as expressed using
the protocol [33–36]. FSM and EFSM based techniques
have been applied in intrusion detection in fields like
sensor networks etc [37–39]. The proposed Intrusion
detection system (IDS) is based on the protocol anomaly
CSIT (December 2013) 1(4):301–308 303
123
based detection technique which combines both the pro-
tocol syntax and semantics. The approach uses an exten-
ded finite state machine (EFSM) for state transition and
event recognition for DNP3, based on the specifications
developed. The specifications are developed for function
codes, object headers, qualifiers etc part of the DNP3
protocol header to characterize the expected behavior of
network under purview. In the proposed approach the
specifications developed is used for validation in a given
message to extract any anomaly in the message.
In a conventional finite state machine, the transition is
associated with a set of input Boolean conditions and a set
Fig. 1 Overall security architecture
304 CSIT (December 2013) 1(4):301–308
123
of output Boolean functions. In an EFSM model, the
transition can be expressed by an if statement consisting of
a set of trigger conditions. If trigger conditions are all
satisfied, the transition is fired, bringing the machine from
the current state to the next state and performing the
specified data operations. Thus EFSM can test memory
variables and set them whereas finite state machines do not
have the concept of variables [16]. So for example a state
machine for a MTU will look something like:
– S = startup, FirstUR, Idle, AwaitFirst, Assembly
– I = all the messages that are going from MTU to RTU
– O = all messages that are coming from RTU to MTU
– V = address, function code, sequence number, object
group, object variation, qualifier, range
– D = all possible legal combinations of sequence
number, object group, object variation, qualifier, range
– T = all possible transitions supported by network under
purview
The transition relation T is specified using rules of the
form:
Eventðvar1; var2; varnÞjconditionaction ð1Þ
Here E is an event name, and the variables var1, var2, etc
denote the arguments of this event. The expression con-
dition should evaluate to a boolean value, and can make
use of common arithmetic and relational operators. It
involves the variables in V, the event arguments, and the
distinguished variable state that refers to the current control
state of the EFSA.
We assume that the IDS and the SCADA system start
functioning together and that the IDS have the information
about the topology of the network. In the IDS at the MTU
side, as many instances of the state machine are created as
there are RTUs in the topology under purview. Once an
instance is created, it is in the startup state. Then the MTU
does an integrity poll for each of the RTUs switching its
state from startup to firstUR for each instance of state
machine and waits for an unsolicited response from the
RTUs. An IDS which is monitoring all the traffic also
updates each of the corresponding state machines. Once
first unsolicited message is received from each RTU, IDS
updates the corresponding instance of the state machine
and moves to idle state [7]. Now each message exchange
can be monitored based on the EFSM between RTU and
MTU for any malicious activity. The EFSM is based on the
principal that for a given request Req in request, the
intrusion detection checks whether it is a allowable request
from the source it is coming from and also verifying cor-
responding reply Rep in the response message against the
allowable limits for this response. This will act like a
verifier and hence will be able to detect and verify the
given request/response.
Case study The residential property has a smart-meter,
dispersed generation such as solar or wind, and an elec-
tricity storage device such as fuel cells for uninterruptible
power supply (UPS) and electricity back-up operations.
The smart-meter, generator, and electricity storage device
are part of a single logical DNP3 device that is connected
Fig. 2 Implementation of
security solution
CSIT (December 2013) 1(4):301–308 305
123
to the Internet as shown in Fig. 3. The DNP3 device has
Internet connections to the distribution system owner, the
electricity retailer, and the residential consumer as shown
in Fig. 3.
The distribution system owner in this example requires
full access to all of the DNP3 devices point types and data
points to ensure reliable distribution system operation, for
control, protection and monitoring operations. The elec-
tricity retailer requires access to the residential consumers
consumption records for billing purposes. The residential
consumer requires access to the device for monitoring their
electricity consumption, which allows them to control their
electricity usage and minimize their electricity costs [40].
Based on the above scenario we can have a set of
security rules (allowed function code, allowed object
headers and within them the allowed index) associated with
each of the stakeholders. We can also have a set of critical
formulas [41] to precisely define based on a topology as to
what combinations of object header and their correspond-
ing values are allowed (given a RTU/PLC what set of
comp, value pairs are allowed). We feel that these rules can
be incorporated in an EFSM to detect intrusions.
For example a residential consumer will have limited
function codes allowed like read, confirm, select etc and
within these function codes there are set of objects that this
stakeholder can have access to. So for a read function code
the residential consumer can access binary output point to
determine if the device is on or off, likewise analog point
type maybe required for meter reading/consumption [40].
In addition to this a set of rules defined for what values
certain components can take given a certain topology and
state information of the network can also be pre-defined
[41]. For example, in a power network for a given load
across a line the value of voltage, powers etc. are known
and can be verified in the response. So now when an EFSM
detects an event rather than just checking the sequence
number, it also does a check on the vector and domain
values defined for a given stakeholder and picks up any
anomaly.
3.1.2 Key management
One critical security requirement is that communication
channels need to be secured. To provide confidentiality on
open channel, encryption and decryption is needed. After
considering security issues of confidentiality, authentica-
tion and integrity of data we can not ignore the role of key
management. Strength of encryption and decryption is
dependent on encryption algorithm and key which is used
for encryption and decryption. Secure keys need to be
established before cryptographic techniques can be used to
secure communications. Managing keys at one node solves
problem of storage only but distribution of keys is another
major issue. The main challenges in key distribution are
authentication of receiver and maintaining the secure path
for key transmission. Schemes like SKE approach are
available for key distribution. Using these schemes there is
a need of involving third party like CA for distribution of
keys but in this case security might be compromise from
third party. Manual storing of keys at each node is also a
big issue. For automatic storing of keys at each node we
can use Diffie–Hellman key exchange method, but for this,
one time extra computation cost at both side and extra
storage for one algorithm is needed. In Diffie–Hellman key
exchange, there is always a chance of man in middle
attack. By using challenge response, protocol authenticity
of recipient might be confirmed for distribution of key but
in this case, key can be obtained by attacker by replay
attack.
Considering limited memory capacity and processing
power, it is necessary to store minimum number of keys
and efficient algorithm without compromising with
required constraint. Number of keys is proportional to
desired functionality like broad casting, multi casting. The
efficiency of memory space also ought to be considered
because thousands of keys and data needs to be manage
and maintain in a limited memory space. Many efforts have
been done in recent years to secure the SCADA commu-
nication including the key management issues. We propose
an efficient key distribution scheme (Sec-KeyD) [42]
keeping in view the present constraints with following
features:
– Based on challenge-response mechanism
– Secure mutual authentication of client and server
– No transfer of session key on open channel nor
installed manually
– Distribution key is generated at both end nodes
– Ensures the freshness of message
Fig. 3 Case study scenario
306 CSIT (December 2013) 1(4):301–308
123
– Symmetric key is passed from server to client by using
session key
– Automatic key updation (revocation)
– No third party is involved
Our key distribution scheme overcome shortcomings
present in the current approaches and fulfills the SCADA
constraints, performance, availability, time-critical
responses, system operation, and access to components
efficiently with following advances:
– Ensures the authenticity of both end nodes (server as
well as client)
– Enhances the confidentiality
– Eliminates the issue of trustiness of third party
– Eliminates replay attack
– Eliminates the man-in-middle attack
– No false server attack
– Automatic revocation of symmetric key
3.1.3 SCADA protocol hardening
We choose DNPSec as a communication protocol and have
done some changes in the header of the protocol to make it
useable as per our requirements and to integrate our key
management scheme. Following modifications are pro-
posed in the DNPSec protocol. Size of the DNPSec packet
was fixed at 292 irrespective of the size of the DNP packet.
The payload, if lesser than that, is padded with dummy data
so that payload size can be of 256 bytes. And with DNPSec
header and the authentication data, it comes to 292.
DNPSec packet is identified from DNP3 and other packets
on network by finding sync bytes 0x0564 at byte position
8–9 of the DNPSec packet. Consequently only payload
data (256 bytes) is encrypted instead of encrypting payload
and original LH header. This scheme provides the same
confidentiality level as the original DNPSec scheme. The
original DNPSec protocol has key sequence number. When
KSN reaches maximum and is re-cycled to 0, the MTU sets
SK bit and send the new session key. Instead of this
arrangement, we reserve the SK bits and instead use our
key distribution protocol to negotiate the key and freshness
number between BITWs of MTU and RTU. And, this
negotiation of keys can be done after a configurable
number of data exchanges [31].
3.1.4 Evaluation
It is important to analyze the security risks and develop
appropriate security solutions to protect SCADA systems.
However, a key problem is accessibility to a SCADA test-
bed. As widely accepted in academic and industrial com-
munities, it is impractical to conduct security experiments
on live systems. A test-bed which comprises of a simulated
SCADA network wrapped with protocol stack/s, will
enable testing different attack and security solutions.
However, these tools are either proprietary, used by
researchers within the organization, and the software is not
released for external use or is not generic enough to support
different architectures, protocols, and systems, exception
being a recent work SCADASim [43]. There are test case
archives available for power systems from University of
Washington [44], Queen Mary University of London [19]
and others but these are of little use to people working in
the cyber world without a proper tool, which can interpret
these values of physical/electrical world into cyber world
in terms of protocol packets.
4 Future work
Currently we are working on the evaluation of our security
solution. As this evaluation will require SCADA traffic, we
are in the stage of generating the traffic in a test environ-
ment. Soon we will come with evaluation results.
5 Conclusion
As SCADA is opening up to standards it has become
vulnerable to cyber-attacks. Due to the possibility of cyber
attacks and its impact on critical infrastructure it is nec-
essary to develop a protection system mitigating such type
of severe threats. Lot of work has been done by different
research communities but we feel that still there are
shortcomings which need to be overcome. We proposed a
security framework for SCADA that covers an efficient key
management and distribution for SCADA, encryption–
decryption and an EFSM based intrusion detection to fill
the gap. We are trying to generate traffic for power system
to evaluate our work.
References
1. Tsang R (2010) Cyberthreats, vulnerabilities and attacks on
SCADA Networks. University of California, Berkeley
2. Zhu B, Joseph A, Sastry S (2011) A taxonomy of cyber attacks on
SCADA system In: Proceedings of CPSCom 2011: the 4th IEEE
international conference on cyber, physical and social computing,
Dalian, China, October 19–22
3. Meserve J (2007) Sources: staged cyber attack reveals vulnera-
bility in power grid. CNN, Washington, DC
4. Greenberg A (2008) Hackers Cut Cities’ Power. http://www.
Forbes.com. Accessed Feb 2012
5. http://unix.nocdesigns.com/aurora_white_paper.htm. Accessed
Feb 2012
6. Stamp J, Dillinger J, Young W, Depoy J (2003) Common vul-
nerabilities in critical infrastructure control systems. Sandia
National Laboratories, Albuquerque
CSIT (December 2013) 1(4):301–308 307
123
7. DNP User Group. http://www.dnp.org. Accessed Dec 2011
8. Makhija J, Subramanyan LR (2003) Comparison of protocols
used in remote monitoring: DNP 3.0, IEC 870-5-101 and Modbus
9. Cleveland F (2005) IEC TC57 security standards for the power
systems info infrastructure: beyond simple encryption, IEC TC57
WG15 security standards ver5
10. IT Security Advisory Group (2005) SCADA security: advice for
CEOs. Department of Communications, Information Technology
and the Arts, Canberra
11. East S, Butts J, Papa M, Shenoi S (2009) A taxonomy of attacks
on the DNP3 protocol, crtical infrastructure protection III. IFIP
Adv Inf Commun Technol 311:67–81
12. Ballman J (2003) The great blackout of 2003 Aug. 14 power
outage largest in U.S. history. Disaster Recovery J 16(4)
13. NCS (2004) Technical information bulletin 04-1, SCADA sys-
tems. NCS, Arlington
14. Fovino IN, Coletta A, Masera M (2010) Taxonomy of security
solutions for the SCADA sector, version 1.1
15. Ten CW, Manimaran G, Liu CC (2010) Cybersecurity for critical
infrastructures: attack and defence modelling. IEEE Trans Syst
Man Cybern 40(4):853–865
16. Beaver CL, Gallup DR, NeuMann WD, Torgerson MD (2002)
Key management for SCADA (SKE). Sandia Lab, Albuquerque
17. Dawson R, Boyd C, Dawson E, Nieto JMG (2006) SKMA-A key
management architecture for SCADA systems. In: Proceedings of
the grid computing
18. Lee S, Choi D, Park C, Kim S (2008) An efficient key man-
agement scheme for secure SCADA communication. In: Pro-
ceedings of world academy of science, engineering and
technology, vol 35
19. elec.qmul.ac.uk/resources/electricitydata/pages/elec-
tricitydata.html. Accessed Feb 2012
20. Patel A, Qassim Q, Wills C (2010) A survey of intrusion detec-
tion and prevention systems. Info Manage Comput Secur
18(4):277
21. Zhu B, Sastry S (2010) SCADA-specific intrusion detection/
prevention systems: a survey and taxonomy, secure control sys-
tems (SCS). Team for Research in Ubiquitous System Technol-
ogy, Stockholm
22. http://www.digitalbond.com. Accessed Nov 2011
23. Verba J, Milvich M (2008) Idaho national laboratory supervisory
control and data acquisition intrusion detection system (SCADA
IDS) IEEE conference on technologies for homeland security
24. Dayu Y, Alexander U, Hines JW (2006) Anomaly-based intrusion
detection for SCADA systems, 5th international topical meeting
on nuclear plant instrumentation, controls, and human machine
interface technology
25. Fovino IN, Coletta A, Carcano A, Masera M, Trombetta A (2010)
Modbus/DNP3 state-based intrusion detection system 24th IEEE
international conference on advanced information networking
and applications
26. Cheung S, Dutertre B, Fong M, Lindqvist U, Skinner K, Valdes A
(2007) Using model-based intrusion detection for SCADA net-
works SCADA security scientific symposium
27. Liu CC, Stefanov A, Hong J, Panciatici P (2012) Intruders in the
grid IEEE power and energy magazine
28. http://www.vikingproject.eu. Accessed April 2012
29. http://www.uclm.edu/area/gsee/Web/Federico/psat.htm. Accessed
March 2012
30. Liu Y, Ning P, Reiter MK (2009) False data injection attacks
against state estimation in electric power grids. In: Proceedings of
the 15th ACM conference on computer and communications
security, pp 21–32
31. Bagaria S, Prabhakar SB, Saquib Z (2011) Flexi-DNP3:flexible
distributed network protocol version 3 (DNP3) for SCADA
security. ReTIS, Kolkatta
32. Sekar R, Gupta A, Frullo J, Shanbhag T, Tiwari A, Yang H, Zhou
S (2002) Specification based anomaly detection: a new approach
for detecting network intrusions. In: Proceedings of the 9th ACM
conference on computer and communications security
33. NCS (2004) DNP3 (Distributed Network Protocol version 3.0) ,
and Modbus NCS Technical Information Bulletin 04-1, SCADA
Systems
34. Shahzad AA, Musa S (2012) Securing SCADA communication
using hybrid cryptography ICUIMC. In: Proceedings of the 6th
international conference
35. Carcano A, Coletta A, Guglielmi M, Masera M, Nai Fovino I,
Trombetta A (2011) A multidimensional critical state analysis for
detecting intrusions in SCADA systems. IEEE Trans Ind inform
7(2):179–186
36. Fovino IN, Coletta A, Carcano A, Masera M (2012) Critical state-
based filtering system for securing SCADA network protocols.
IEEE Trans Ind Electron 59:10
37. Orset JM, Alcade B, Cavalli A (2005) An EFSM based Intrusion
detection system for ad hoc networks, automated technology for
verification and analysis, LNCS 3707, pp 400–413
38. Smith R, Estan C, Jha S (2008) XFA: faster signature matching
with extended automata IEEE symposium on security and privacy
39. Barry BIA, Chan HA (2007) A hybrid, stateful and cross-protocol
intrusion detection system for converged applications. In: Lecture
notes in computer science, vol 4804. pp 1616–1633
40. Garcia Teodoro P, Diaz Verdejo J, Macia Fernandez G, Yazquez
E (2009) Anomaly-based network intrusion detection: techniques,
systems and challenges. Comput Secur 28:18–28
41. Mander T, Cheung R, Nabhani F (2010) Power system DNP3 data
object security using data sets. Computer and Security 29:487–500
42. http://164.100.176.38/patentsearch/search/index.aspx. Accessed
July 2012
43. Queiroz C, Mahmood A, Tari Z (2011) SCADASim a framework
for building SCADA simulations. IEEE Trans Smart Grid2(4):589-597
44. http://www.ee.washington.edu/research/pstca. Accessed Feb 2012
308 CSIT (December 2013) 1(4):301–308
123