research-article

Public Access

Securing SCADA Applications Using OpenPLC With End-To-End Encryption

Authors:

Thiago Alves,

Thomas Morris,

Seong-Moo YooAuthors Info & Claims

ICSS 2017: Proceedings of the 3rd Annual Industrial Control System Security Workshop

Pages 1 - 6

https://doi.org/10.1145/3174776.3174777

Published: 05 December 2017 Publication History

PDF eReader

Abstract

During its nascent stages, Programmable Logic Controllers (PLC) were made robust to sustain tough industrial environments, but little care was taken to raise defenses against potential cyberthreats. The recent interconnectivity of legacy PLCs and SCADA systems with corporate networks and the internet has significantly increased the threats to critical infrastructure. To counter these threats, researchers have put their efforts in finding defense mechanisms that can protect the SCADA network and the PLCs. Encryption is a critical component of security and therefore has been used by many organizations to protect data on the network. However, since PLC vendors don't make available information about their hardware or software, it becomes challenging to embed encryption into their devices, especially if they rely on legacy protocols. This paper describes an alternative design using an open source PLC that was modified to encrypt all data it sends over the network, independently of the protocol used. Experimental results indicated that the encryption layer increased the security of the link without causing a significant overhead.

References

[1]

Slay, J., & Miller, M. (n.d.). Lessons Learned From the Maroochy Water Breach, 253, 73--82.

Google Scholar

[2]

Poulsen, K. Slammer Worm Crashed Ohio Nuke Plant Network. 2003 {cited 2009; Available from:http://www.securityfocus.com/news/6767.

Google Scholar

[3]

Falliere, Nicolas, Liam O. Murchu, and Eric Chien. "W32. stuxnet dossier." White paper, Symantec Corp., Security Response 5 (2011).

Google Scholar

[4]

ICS Focused Malware (Update A). https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A

Google Scholar

[5]

Shahzad, A, Musa, S., Aborujilah, A. and Irfan, M. 2013. Secure Cryptography Testbed Implementation for SCADA Protocols Security. 2013 International Conference on Advanced Computer Science Applications and Technologies. (2013).

Digital Library

Google Scholar

[6]

Graham, J. and Patel, S. 2004. Security Considerations in SCADA Communication Protocols. Intelligent Systems Research Laboratory, Technical Report TR-ISRL-04-01

Google Scholar

[7]

Alves, T. The OpenPLC Project: 2017. http://openplcproject.com. Accessed: 2017-09-24.

Google Scholar

[8]

International Electrotechnical Commission. IEC 61131-3: Programmable Controllers -- Part 3 Programming languages. International Electrotechnical Commission, Geneva, Switzerland, 1993.

Google Scholar

[9]

Fovino, I., Carcano, A., Masera, M. and Trombetta, A. 2009. Design and Implementation of a Secure Modbus Protocol. IFIP Advances in Information and Communication Technology. (2009), 83--96.

Google Scholar

[10]

Majdalawieh, M., Parisi-Presicce, F. and Wijesekera, D. DNPSec: Distributed Network Protocol Version 3 (DNP3) Security Framework. Advances in Computer, Information, and Systems Sciences, and Engineering. 227--234.

Google Scholar

[11]

American Gas Association (AGA), Draft 4, AGA Report 12, November 2004, Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan, http://www.gtiservices.org/security/AGA12Draft4r1.pdf

Google Scholar

[12]

Wright, A., Kinast, J. and McCarty, J. 2004. Low-Latency Cryptographic Protection for SCADA Communications. Applied Cryptography and Network Security. (2004), 263--277.

Google Scholar

Cited By

View all

Cui HHong JLouden R(2024)An Overview of the Security of Programmable Logic Controllers in Industrial Control SystemsEncyclopedia10.3390/encyclopedia40200564:2(874-887)Online publication date: 22-May-2024
https://doi.org/10.3390/encyclopedia4020056
Katulić FSumina DGroš SErceg I(2024)Devising Framework for Assessing Usability of Cybersecurity Solutions in Industrial Automation and Control Systems2024 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM)10.1109/SPEEDAM61530.2024.10608827(486-491)Online publication date: 19-Jun-2024
https://doi.org/10.1109/SPEEDAM61530.2024.10608827
Alsabbagh WKim CLangendörfer P(2024)Investigating the Security of OpenPLC: Vulnerabilities, Attacks, and Mitigation SolutionsIEEE Access10.1109/ACCESS.2024.335605112(11561-11583)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3356051
Show More Cited By

Securing SCADA Applications Using OpenPLC With End-To-End Encryption
1. Computer systems organization

Recommendations

Virtualization of Industrial Control System Testbeds for Cybersecurity
ICSS '16: Proceedings of the 2nd Annual Industrial Control System Security Workshop

With an immense number of threats pouring in from nation states and hacktivists as well as terrorists and cybercriminals, the requirement of a globally secure infrastructure becomes a major obligation. Most critical infrastructures were primarily ...
Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using Differential Power Analysis (DPA). In this work, we present MEAS---...
End-to-end security mechanisms for SMS

In the mobile communication systems, security (encryption) offered by the network operator applies only on the wireless link. Data delivered through the mobile core network may not be protected. Existing end-to-end security mechanisms are provided at ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSS 2017: Proceedings of the 3rd Annual Industrial Control System Security Workshop

December 2017

35 pages

ISBN:9781450363334

DOI:10.1145/3174776

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 December 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

National Science Foundation

Conference

ICSS 2017

ICSS 2017: 2017 Annual Industrial Control System Security Workshop

December 5, 2017

PR, San Juan, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
1,335
Total Downloads

Downloads (Last 12 months)270
Downloads (Last 6 weeks)21

Reflects downloads up to 17 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Cui HHong JLouden R(2024)An Overview of the Security of Programmable Logic Controllers in Industrial Control SystemsEncyclopedia10.3390/encyclopedia40200564:2(874-887)Online publication date: 22-May-2024
https://doi.org/10.3390/encyclopedia4020056
Katulić FSumina DGroš SErceg I(2024)Devising Framework for Assessing Usability of Cybersecurity Solutions in Industrial Automation and Control Systems2024 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM)10.1109/SPEEDAM61530.2024.10608827(486-491)Online publication date: 19-Jun-2024
https://doi.org/10.1109/SPEEDAM61530.2024.10608827
Alsabbagh WKim CLangendörfer P(2024)Investigating the Security of OpenPLC: Vulnerabilities, Attacks, and Mitigation SolutionsIEEE Access10.1109/ACCESS.2024.335605112(11561-11583)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3356051
Kirkman SFulton SHemmes JGarcia CWilson J(2023)A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial ResultsACM Transactions on Cyber-Physical Systems10.1145/36375538:1(1-13)Online publication date: 21-Dec-2023
https://dl.acm.org/doi/10.1145/3637553
Chowdhury SDudley BSun R(2023)The Case for Virtual PLC-enabled Honeypot Design2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00044(351-357)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00044
Mandalapu RSaid H(2023)Towards a Virtual Cloud-Based Smart Factory Testbed for Cybersecurity2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00154(909-915)Online publication date: 24-Jul-2023
https://doi.org/10.1109/CSCE60160.2023.00154
Lupton BZappe MThom JSengupta SFeil-Seifer D(2022)Analysis and Prevention of Security Vulnerabilities in a Smart City2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)10.1109/CCWC54503.2022.9720824(0702-0708)Online publication date: 26-Jan-2022
https://doi.org/10.1109/CCWC54503.2022.9720824
Sverko MGrbac TMikuc M(2022)SCADA Systems With Focus on Continuous Manufacturing and Steel Industry: A Survey on Architectures, Standards, Challenges and Industry 5.0IEEE Access10.1109/ACCESS.2022.321128810(109395-109430)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3211288
Jain KAnanth AHonnavalli P(2021)Vulnerability Analysis of a Signal-based Messenger2021 IEEE Bombay Section Signature Conference (IBSSC)10.1109/IBSSC53889.2021.9673482(1-6)Online publication date: 18-Nov-2021
https://doi.org/10.1109/IBSSC53889.2021.9673482
Al-Busaidi AAl-Kindi AAl-Abri D(2021)A Low-Cost In-Line Encryption System for SCADA Applications2021 3rd Global Power, Energy and Communication Conference (GPECOM)10.1109/GPECOM52585.2021.9587863(263-268)Online publication date: 5-Oct-2021
https://doi.org/10.1109/GPECOM52585.2021.9587863
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Recommendations

Virtualization of Industrial Control System Testbeds for Cybersecurity

Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives

End-to-end security mechanisms for SMS

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations