Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Transcription

1 , pp Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements Hongseok Chae 1, AAmir Shahzad 1, Muhammad Irfan 2, HyangRan Lee 1, Malrey Lee 1* 1, 1* ,Center for Advanced Image and Information Technology, School of Electronics & Information Engineering, Chon Buk National University, , 1Ga, Deokjin-Dong, Jeonju, Chon Buk, Korea 2 Infrastructure University Kuala Lumpur (IUKL), Malaysia Kuala Lumpur,Malaysia {Irfanview2}@@gmail.com Abstract. Massive numbers of applications have been developed to fulfill the requirements of end-users; the world is considered as a cell of communication in which applications are centralized and distributed, and accessed by internet. Like traditional networks, real time networks such as supervisory control and data acquisition (SCADA) systems, distributed controller systems (DCSs) and others have been employing the internet technology to connect their various stations, and with central controller(s). Internet technology brought several benefits in terms of real time delivery of information to, and between geographical located stations; but at the other side, numerous of security issues have also been accounted and considered to be dangerous for information delivery. In survey, numbers of vulnerabilities and security issues are identified by reviewing of existing researches in real time networks, existing security developments are also reviewed and analyzed, and future directions are highlighted that will enhance the security in real time transmission(s). Keywords: Real time systems; Supervisory control and data acquisition systems; Distributed controller systems 1 Introduction The industrial control systems (ICSs) have been developed in various infrastructure sectors such as electrical sectors, water and water distribution systems, oil miles, gas stations, automobile and transportations sectors and others, and gaining popularity day-day in industrial processing and automation due to revolution of modern information technology (IT). Typical industrial control systems (ICSs) are divided into three main categories including supervisory control and data acquisition ISSN: ASTL Copyright 2015 SERSC

2 (SCADA) systems, distributed controller systems (DCSs) and programmable logical controllers (PLCs). Fig. 1. ICS Network and Operations ICS performs several operations as part of industries and basic there components such as control loop, human-machine interface (HMI) and diagnostics and maintenance applications, which mange the ICS operations [1], [2]. Fig 1 shows the basic network structure of ICS. 2 Existing work and security analysis The cloud computing is a new technology for industrial control systems (ICSs) and it s provide most efficient and scalable communication with minimal cost. Usually, ICS hardware s and software s are very expensive and difficult to understand and operates, or required deep knowledge during configuration and setup [4], [6]. However, cloud computing infrastructure provides easy and cheap access to ICS apparatus, while employing the cloud models [4]. Several remote units are geographically distributed and can access the services of main controller via cloud over internet. ICS have been employing proprietary protocols such as DNP3, Modbus, Field bus, Profibus and other IEC standards, and open protocols such as TCP/IP and UDP, are required to transmit information over internet [4], [5]. As consequence, number of vulnerabilities and security issues are accounted due to large interconnectivity between proprietary protocols and non- proprietary protocols (or networks); few common vulnerabilities and security attacks are considered and are depicted in table 1[1 12]. Table 1. Security Attacks and Vulnerabilities Attacks Integrity Attacks, Authentication Attacks, confidentiality Attacks, Non-Repudiation Attacks, Unauthorized Access Control, Bot-network operators, Criminal groups, Phishers, Spammers and Spyware/malware, etc. Copyright 2015 SERSC 145

3 Vulnerabi lities[1] Inadequate security policy, No formal ICS security Inadequate security architecture, Lack of security administrative, no security audits, Lack of configuration, No proper OS and application security, Lack of adequate password policy Inadequate access controls applied, Inadequate testing of security changes, Insecure remote access on ICS components, Use of insecure industry-wide ICS protocols, Incidents are not detected, Malware protection software not installed, Weak network security architecture, Poorly configured security equipment, Passwords are not encrypted in transit, Inadequate access controls applied, No security perimeter defined, Inadequate firewall and router logs, No security monitoring on the ICS network, Lack of integrity checking for communications, Authentication of users, Inadequate authentication between clients and access points, Inadequate data protection between clients and access points and others. In paper [4], [5], [13], security mechanism using cryptograph algorithms has deployed to enhance the security of SCADA system and also gives directions for further developments. Key encryption is a time minimized security solution, while comparing with other encryption standards. Time is a very important factor, which has been counted for SCADA system [13]. Therefore, key encryption solution is proposed to secure the SCADA communication with time acquirements in mind. In this solution, message is not encrypted, only key or secret key is appended with desired message [4], [13]. Subsequently, key hash digest has been calculated and encrypted with private key. Then appended secret key and encrypted key hash digest is encrypted again with public key [4], [5], [12], [13]. This security solution significantly secured the SCADA communication against potential attacks including authentication attacks, integrity attacks, confidentiality attacks and non-repudiation attacks and required less time during encryption/decryption process [12], [13]. Cryptography dynamic buffer (CDB) has been proposed [14] after analyzing the detail existing security issues of SCADA system. The CDB is employed during whole security designed and implementation within SCADA protocol or DNP3 protocol. CBD has number of variable size fields that are utilized for security development within SCADA/DNP3 protocol [12 14]. During SCADA communication, the CBD kept the tracks of whole security implementation and its related detail such as sender/receiver port number and IP address, the sender/receiver security solution selection process according to communication needs, flow of bytes from lower to upper layer within stack and vice versa, indication of critical/non critical bytes that help to identify the authorized/ nonauthorized entity in SCADA communication and others [4], [5], [14]. The security solutions are implemented and validated successfully according to the SCADA/DNP3 communications needs and measured results are also compared with end-to-end performances [5], [12 14]. 3 Conclusion and future work This is a short report that reviews the industrial control system (ICS) and its major parts such as SCADA system, DCS and others (i.e., PLCs). The massive connectivity of real time systems with open networks over internet, made the communication of these system more vulnerable from various types of potential attacks (i.e., as discussed in literature). Real time access(or transmission) is more critical due to 146 Copyright 2015 SERSC

4 time limitations and more error, and attack prone, while comparing with traditional networks access, e.g., client/server applications or/and information exchanging between recipients in local area network(lan) and wide area network(wan). The current study made a review on potential vulnerabilities and on attacks that are residing in transmission of real time systems and also provides future directions (or analyzes the existing security mechanisms) that would be significant in enhancement of existing security References 1. Stouffer, J. Falco, K.Kent, 2006, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security, Recommendations of the National Institute of Standards and Technology 2. Clarke, D. Reynders, E. Wright, 2004, Practical Modern SCADA Protocols: DNP3, and Related Systems. 3. S. Musa, A. Shahzad, A.Aborujilah, Secure security model implementation for security services and related attacks base on end- To-end, application layer and data link layer security, Proceeding ICUIMC '2013 Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication, 2013, DOI: / Musa; Shahzad. A ; Aborujilah, Secure security model implementation for security services and related attacks base on end-to-end, application layer and data link layer security, Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication, doi: / Jeffrey Hieb; James Graham; Sandip Patel, Security Enhancements for Distributed Control Systems, Critical Infrastructure Protection, IFIP International Federation for Information Processing Volume 253, 2008, pp doi: / _10 6. Shahzad, S., A. Aborujilah, M. Irfan, A Performance Approach: SCADA System Implementation within Cloud Computing Environment, ACSAT 2013, IEEE, doi: /ACSAT Hyung Jun Kim, Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks, International Journal of Distributed Sensor Networks, vol. 2012, , 10 pages, doi: /2012/ Sugwon Hong; Myongho Lee, Challenges and Direction toward Secure Communication in the SCADA System, Communication Networks and Services Research Conference (CNSR), 2010 doi: /CNSR Zio, E.; Sansavini, G., "Vulnerability of Smart Grids With Variable Generation and Consumption: A System of Systems Perspective," Systems, Man, and Cybernetics: Systems, IEEE Transactions on, vol.43, no.3, pp.477,487, HyungJun Kim, Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks, International Journal of Distributed Sensor Networks, vol. 2012, Article ID , pp.10. doi: /2012/ Hong; S. Lee, Challenges and perspectives in security measures for the SCADA system, In Proc. 5th Myongji-Tsinghua University Joint Seminar on Protection & Automation, A. Shahzad, S. Musa, M. Irfan, N-Secure Cryptography Solution for SCADA Security Enhancement, Trends in Applied Sciences Research, 2014, 9: doi: /tasr Shahzad, S., M. Irfan, Key Encryption Method for SCADA Security Enhancement, Journal of Applied Sciences,2014, DOI: /jas Copyright 2015 SERSC 147

5 14. A. Shahzad, S. Musa, M. Irfan, S. Asadullah, Deployment of New Dynamic Cryptography Buffer for SCADA Security Enhancement, Journal of Applied Sciences, 2014, 14: doi: /jas Copyright 2015 SERSC