DOI: 10.1145/2843043.2843350

DNP3 network scanning and reconnaissance for critical infrastructure

Published: 01 February 2016

Abstract

The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols to control national infrastructure. The move from point-to-point serial connections to Ethernet-based network architectures allows for large and complex critical infrastructure networks. However, networks and configurations change, so auditing tools are needed to aid critical infrastructure network discovery.
In this paper we present a series of intrusive techniques used for reconnaissance on DNP3 critical infrastructure. Our algorithms discover DNP3 outstation slaves along with their DNP3 addresses, their corresponding master, and class object configurations. To validate our DNP3 reconnaissance algorithms and demonstrate their practicality, we present an implementation of a software tool using a DNP3 plug-in for Scapy. Our implementation validates the utility of our DNP3 reconnaissance technique. Our presented techniques will be useful for penetration testing, vulnerability assessments and DNP3 network discovery.
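As an added example, not code from the paper or from its Scapy plug-in, the following Python parses DNP3 link-layer frames as laid out in IEEE 1815 (start octets 0x05 0x64, LEN, CTRL, little-endian destination and source addresses, a CRC-16/DNP over the header, then user data in 16-octet blocks each with its own CRC) and applies a defender-side heuristic that is the mirror image of the address discovery the abstract describes: a source address that talks to many distinct outstation addresses within one capture is reported as a probable address sweep. The sample frames, the source and destination addresses, the five-target threshold and the poll payload are all constructed here for illustration.

```python
"""Parse DNP3 link-layer frames and flag destination-address sweeps.

Added example (not from the paper). Sample traffic is constructed in-block
so the script runs offline. Frame layout follows IEEE 1815 (DNP3).
"""
from collections import defaultdict

START = b"\x05\x64"


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0x3D65 (0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(dest: int, src: int, ctrl: int, payload: bytes = b"") -> bytes:
    """Build a well-formed link frame; used here only to construct sample traffic."""
    header = (START + bytes([5 + len(payload), ctrl])
              + dest.to_bytes(2, "little") + src.to_bytes(2, "little"))
    frame = header + crc16_dnp(header).to_bytes(2, "little")
    for i in range(0, len(payload), 16):          # user data travels in 16-octet blocks
        block = payload[i:i + 16]
        frame += block + crc16_dnp(block).to_bytes(2, "little")
    return frame


def parse_frame(frame: bytes) -> dict:
    """Return header fields and user data; raise ValueError on a malformed frame."""
    if len(frame) < 10 or frame[:2] != START:
        raise ValueError("not a DNP3 link frame")
    header = frame[:8]
    if int.from_bytes(frame[8:10], "little") != crc16_dnp(header):
        raise ValueError("header CRC mismatch")
    length, ctrl = frame[2], frame[3]
    if length < 5:                                # LEN counts CTRL+DEST+SRC+user data
        raise ValueError("LEN below minimum")
    payload, remaining, pos = b"", length - 5, 10
    while remaining > 0:
        n = min(16, remaining)
        block, crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) != n or len(crc) != 2:
            raise ValueError("truncated user data block")
        if int.from_bytes(crc, "little") != crc16_dnp(block):
            raise ValueError("data block CRC mismatch")
        payload += block
        pos, remaining = pos + n + 2, remaining - n
    return {
        "dir_master": bool(ctrl & 0x80),          # DIR=1: sent by a master
        "primary": bool(ctrl & 0x40),             # PRM=1: primary (initiating) message
        "function": ctrl & 0x0F,                  # link-layer function code
        "dest": int.from_bytes(frame[4:6], "little"),
        "src": int.from_bytes(frame[6:8], "little"),
        "payload": payload,
    }


def is_valid_frame(frame: bytes) -> bool:
    """True when the frame parses and every CRC checks out."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def find_address_sweeps(frames, min_targets: int = 5) -> dict:
    """Map each source to the sorted distinct destinations it addressed and
    return only the sources at or above the threshold (assumed: 5 targets)."""
    targets = defaultdict(set)
    for raw in frames:
        if not is_valid_frame(raw):               # malformed frames are skipped here
            continue
        fields = parse_frame(raw)
        targets[fields["src"]].add(fields["dest"])
    return {src: sorted(d) for src, d in targets.items() if len(d) >= min_targets}


# Constructed sample: master 1 polls outstation 10 three times with a class 1 read
# (transport 0xC0, app control 0xC1, FC 0x01, group 60 var 2, qualifier 0x06);
# source 100 sends link-status requests (FC 9) to six consecutive addresses.
SAMPLE_FRAMES = [build_frame(10, 1, 0xC4, b"\xC0\xC1\x01\x3C\x02\x06") for _ in range(3)]
SAMPLE_FRAMES += [build_frame(d, 100, 0xC9) for d in range(1, 7)]

if __name__ == "__main__":
    for src, dests in find_address_sweeps(SAMPLE_FRAMES).items():
        print(f"source {src} addressed {len(dests)} distinct outstations: {dests}")
```

On a real capture the frames would come from a packet dissector rather than `build_frame`; the heuristic only needs the link-layer source and destination, so it works equally on serial and TCP-encapsulated DNP3. The threshold should be tuned to the site: a master that legitimately polls dozens of outstations will exceed five, but it should do so from a known address, which is the point of comparing the flagged sources against the engineered master list.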




Published In

ACSW '16: Proceedings of the Australasian Computer Science Week Multiconference
February 2016
654 pages
ISBN:9781450340427
DOI:10.1145/2843043

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. DNP3
  2. critical infrastructure
  3. network discovery
  4. network scanning
  5. reconnaissance
  6. security
  7. substations

Qualifiers

  • Research-article

Funding Sources

  • Australian Research Council Linkage

Conference

ACSW '16: Australasian Computer Science Week
February 1 - 5, 2016
Canberra, Australia

Acceptance Rates

ACSW '16 Paper Acceptance Rate 77 of 172 submissions, 45%;
Overall Acceptance Rate 204 of 424 submissions, 48%

Article Metrics

  • Downloads (last 12 months): 26
  • Downloads (last 6 weeks): 2
Reflects downloads up to 05 Jan 2025

Cited By
  • (2023) Development of Fingerprint Identification Based on Device Flow in Industrial Control System. Applied Sciences 13(2):731. DOI: 10.3390/app13020731. Online publication date: 4 Jan 2023.
  • (2023) Industrial Network Protocol Security Enhancement Using Programmable Switches. 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), pp. 1-7. DOI: 10.1109/SmartGridComm57358.2023.10333874. Online publication date: 31 Oct 2023.
  • (2023) Mitigating Common Cyber Vulnerabilities in DNP3 with Transport Layer Security. 2023 North American Power Symposium (NAPS), pp. 1-6. DOI: 10.1109/NAPS58826.2023.10318788. Online publication date: 15 Oct 2023.
  • (2023) SCADA vulnerabilities and attacks. Computers and Security 125(C). DOI: 10.1016/j.cose.2022.103028. Online publication date: 1 Feb 2023.
  • (2022) Cyber Security for Smart Grids. Methods, Implementation, and Application of Cyber Security Intelligence and Analytics, pp. 97-115. DOI: 10.4018/978-1-6684-3991-3.ch006. Online publication date: 17 Jun 2022.
  • (2022) A Compressive Compilation of Cyber Security for Internet of Energy (IoE). Research Anthology on Smart Grid and Microgrid Development, pp. 883-910. DOI: 10.4018/978-1-6684-3666-0.ch039. Online publication date: 2022.
  • (2022) SoK: A Taxonomy for Contrasting Industrial Control Systems Asset Discovery Tools. Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1-12. DOI: 10.1145/3538969.3538979. Online publication date: 23 Aug 2022.
  • (2022) Cyberphysical Security of Grid Battery Energy Storage Systems. IEEE Access 10, pp. 59675-59722. DOI: 10.1109/ACCESS.2022.3178987. Online publication date: 2022.
  • (2021) Cybersecurity of Microgrid: State-of-the-Art Review and Possible Directions of Future Research. Applied Sciences 11(21):9812. DOI: 10.3390/app11219812. Online publication date: 20 Oct 2021.
  • (2021) Unsupervised Online Anomaly Detection to Identify Cyber-Attacks on Internet Connected Photovoltaic System Inverters. 2021 IEEE Power and Energy Conference at Illinois (PECI), pp. 1-7. DOI: 10.1109/PECI51586.2021.9435234. Online publication date: 1 Apr 2021.