RTU modular architecture.

Source publication
Article
The ideas presented in this paper are summarized as follows. The first idea entails improving the security of supervisory control and data acquisition (SCADA) architectures by means of asymmetric cryptography and digital signatures and measuring the performance overhead. This allows achieving some obvious subsequent goals such as data-origin authen...

Contexts in source publication

Context 1
... distributed control system (DCS), for each SCADA component. In other words, the MTU (called SICADD in Fig. 1, where SICADD in Romanian stands for "Centralized Data Acquisition System") will consolidate the two upper levels for production control and scheduling, while the RTU will map onto the direct control and plant supervisory levels. In Fig. 2, Fig. 3, Fig. 4, and Fig. 5 are depicted the architecture and functional components for the remote and master terminal stations. Their software implementation will largely follow these architectural guidelines. Our research efforts were targeted toward the following objectives: • Designing the SICADD-MTU operational platform that will ensure ...
Context 2
... a structure is illustrated in Fig. 2. A brief presentation of the modules is necessary. We have designed and developed the following modules: • Wide Area Network (WAN) represents the public network to which the RTU is connected; in practice, it will be a network protected by a firewall. This network will be used by the RTU to establish the connection with the SICADD-MTU; ...
Context 3
... process of generating a digital signature on the RTU experimental platform is illustrated in Figure 19. One can observe the steps that produce the digital signature (its value can then be traced in Figure 20). On the SICADD-MTU, the verification of the RTU's digital signature is illustrated in Figure 22. ...
Context 4
... can observe the steps that produce the digital signature (its value can then be traced in Figure 20). On the SICADD-MTU, the verification of the RTU's digital signature is illustrated in Figure 22. The verification of the digital signature involves the use of a digital certificate (containing the value of the public key that corresponds to the private key that was used for signing). ...
Context 5
... involves additional successive verifications of digital signatures made on successive digital certificates in a hierarchy of certification authorities, until a trusted certification authority is found. The process is illustrated in Figure 23. The topic of certificate chain verification is rather complicated for certain categories of RTU and therefore the certificate authentication chain mechanism needs to be minimized as much as possible. ...
Context 6
... need to use this algorithm for clock syncing as the first task. This can be achieved in the case of Raspberry Pi through the ntpd service (based on the network time protocol - NTP). The NTP server will be configured similarly in both the MTU and RTU. The blue part in Fig. 24 represents initialization of the prevention algorithm, a sequence in which the RTU and MTU exchange their own current times, so that the value of LastRtuTimeStamp is memorized in the MTU, and LastMtuTimeStamp is memorized in the ...
Context 7
... RTU or the MTU starts. In case of clock desynchronization, the connection will be dropped by the part that first detects the desynchronization. A desynchronization event is triggered if the peer's timestamp is greater than the entity's own timestamp. After the initialization sequence, DNP3 data exchange is handled according to the yellow part in Fig. ...
Context 8
... message illustrated in the replay attack prevention proposed in Fig. 24 must be digitally signed by its originator (i.e., both the RTU and the MTU digitally sign their own messages, respectively). The timestamp will be included in a digitally signed DNP3 message as a countermeasure to a replay ...

Similar publications

Poster
A successful deployment and operation of smart grids depends on the reliability and security of the protocols used to gather data from the various components. This work evaluates a technique called fuzzing to investigate the security of smart grid communication protocols. Based on a structured process for fuzzing in this specific domain we develop...

Citations

... Manually, operators have to call the substations for hourly readings. In contrast, with the use of a SCADA system, real-time data is accessible to all substations, eliminating the need for phone calls to provide information to other substations [13]. Studies have demonstrated the ability of SCADA systems to effectively manage frequency control within power grids, enhancing overall system resilience. ...
Conference Paper
The SCADA systems introduced in this study monitor the entire length of a 225 kV transmission line at 1,304 km for power disturbances caused by physical contact with conductors, which may distort the power flow. This novel approach to long transmission lines in this study has led to significant changes in the power systems in the region. Furthermore, the significance of this study on the West African Power Pool, especially for the CLSG transmission line of 225 kV in Sierra Leone and other countries served by the CLSG transmission line, is that it is impactful and has considerably improved electricity accessibility and availability in the region. Furthermore, rural electrification has substantially increased by connecting 99 towns and villages, and additional communities will be connected in the future by shield wires with 225 kV, addressing the lack of access to electricity in these areas, which can be easily monitored by using the SCADA system. This development has led to a notable increase in socioeconomic activities due to the increased energy availability in these areas. A SCADA has a better data management system, managing ICSs for data acquisition, communication, information sharing, and processing across the entire span of the transmission line (1,304 km), including substations. This approach enables the isolation of faulty areas through SCADA systems, unlike its counterpart, DCS, which is limited. The implemented SCADA for the CLSG transmission line in this study operates in frequency mode for power stabilization.
... Another direction in research in respect to the IIoT concept is the addition of new security mechanisms in critical infrastructure architecture, such as blockchains [28,29], digital signatures [30] or quantum cryptography [31]. In this case, only software-based solutions are proposed. ...
Article
Securing critical infrastructures and manufacturing plants in the Industrial-Internet-Of-Things and Industry 4.0 is a challenge today due to the increased number of attacks against automation and SCADA systems. These systems were built without any security considerations in mind, so the evolution towards interconnection and interoperability makes them vulnerable in the context of exposing data to the outside network. Even though new protocols are considering built-in security, the widely spread legacy standard protocols need to be protected. Hence, this paper attempts to offer a solution for securing the legacy insecure communication protocols based on elliptic curve cryptography while fulfilling the time constraints of a real SCADA network. Elliptic curve cryptography is chosen to respond to the low memory resources available for the low level devices of a SCADA network (e.g., PLCs), and also because it can achieve the same level of security as other cryptographic algorithms using smaller sizes for the secure keys. Furthermore, the proposed security methods have the purpose of assuring that the data transmitted between entities of a SCADA and automation system are authentic and confidential. The experimental results showed good timing performance for the cryptographic operations executed on Industruino and MDUINO PLCs, demonstrating that our proposed concept is deployable for Modbus TCP communication in a real automation/SCADA network on existing devices from the industry.
... The authors of [52] presented two relevant ideas. Thus, the first idea suggests the improvement of the SCADA architecture security using asymmetric cryptography models as well as digital signatures. ...
Article
The design and implementation of secure IoT platforms and software solutions represent both a required functional feature and a performance acceptance factor nowadays. This paper describes relevant cybersecurity problems considered during the proposed microservices architecture development. Service composition mechanisms and their security are affected by the underlying hardware components and networks. The overall speedup of the platforms, which are implemented using the new 5G networks, and the capabilities of new performant IoT devices may be wasted by an inadequate combination of authentication services and security mechanisms, by the architectural misplacing of the encryption services, or by the inappropriate subsystems scaling. Considering the emerging microservices platforms, the Spring Boot alternative is used to implement data generation services, IoT sensor reading services, IoT actuators control services, and authentication services, and ultimately assemble them into a secure microservices architecture. Furthermore, considering the designed architecture, relevant security aspects related to the medical and energy domains are analyzed and discussed. Based on the proposed architectural concept, it is shown that well-designed and orchestrated architectures that consider the proper security aspects and their functional influence can lead to stable and secure implementations of the end user’s software platforms.
... The cloud layer provides powerful computing and storage capabilities for cloud-based SCADA systems. However, the authors [55] have presented a variety of security issues in the cloud, such as attacks on user interfaces through the SICADD-MTU Web portal or communication channels to the RTUs. ...
Article
The explosive development of electrical engineering in the early 19th century marked the birth of the 2nd industrial revolution, with the use of electrical energy in place of steam power, as well as changing the history of human development. The versatility of electricity allows people to apply it to a multitude of fields such as transportation, heat applications, lighting, telecommunications, and computers. Nowadays, with the breakout development of science and technology, electric energy sources are formed by many different technologies such as hydroelectricity, solar power, wind power, coal power, etc. These energy sources are connected to form grid systems to transmit electricity to cities, businesses and homes for life and work. Electrical energy today has become the backbone of all modern technologies. To ensure the safe, reliable and energy-efficient operation of the grid, a wide range of grid management applications have been proposed. However, a significant challenge for monitoring and controlling grids is service response time. In recent times, to solve this problem, smart grid management applications based on IoT and edge computing have been proposed. In this work, we perform a comprehensive survey of edge computing for IoT-enabled smart grid systems. In addition, recent smart grid frameworks based on IoT and edge computing are discussed, important requirements are presented, and the open issues and challenges are indicated. We believe that in the Internet of Things era, the smart grid will be the future of energy. We hope that these study results will contribute important guidelines for in-depth research in the field of smart grids and green energy in the future.
... Marian et al. (2020) described asymmetric cryptography and digital signatures for enhancing the security of SCADA architectures [19]. They demonstrated the possibility to include digital signatures with a reliable data communication protocol such as DNP3. ...
Chapter
Recently, cybercrime attacking the national network has increased. National infrastructure such as water purification plants, power plants, and substations are operated by using programmable logic controllers (PLC). PLC controls through the Industrial Control Systems/Supervisory Control And Data Acquisition (ICS/SCADA), which receives operational commands and sends operational states by communication means such as Ethernet and Modbus. However, the environment of ICS/SCADA, called Industrial IoT, is vulnerable to security attacks unlike recently developed technologies such as IoT devices, systems, and networks. Therefore, this study proposes a new security system to strengthen industrial firewalls. We developed an interface, unauthorized access blocking algorithm, and real-time defense system for system access control. The performance of the proposed system was verified by external organizations. Five performance indicators were measured to validate the proposed system. All indexes were achieved to 100%. We hope that this study and results will help block and defend against cyberattacks.
... In this regard, it is efficient that the computational time must be very low. The performance of the proposed work is compared with the method of performing Multifactor authentication (MFA) [18] to perform transaction in cloud computing network, and with Signature based [22] critical mobile transaction methodology. The computational time for increasing number of service requests is depicted in Figure 5. for whom the hash value is deviated. ...
Preprint
The progression of digital technology impacts the users to migrate from traditional financial transactions to the online transaction system for performing their financial transactions. The existence of cloud computing and its major benefit of access from anywhere promotes financial transactions. The cloud infrastructure supporting performing financial transactions deals with the huge volume of data and it is quintessential to sustain a high level of security to those sensitive credentials in the cloud storage. The conventional cryptographic algorithms hold good in providing a better level of security to the sensitive data in cloud computing but still fall back to advanced attacks against the cloud data storage. Furthermore, the employment of conventional encryption algorithms in securing the cloud data consumes huge execution time, as it has to perform the authentication check for all types of user access including legitimate and non-legitimate accesses. This research article proposes a novel methodology of incorporating blockchain technology to perform online financial transactions in cloud computing with a high level of security, availability, and reduced execution time. This research work employs Blockchain technology integrated with Elliptical Curve Cryptography (ECC) and Chaotic Map Confusion and Diffusion algorithm to perform secured transactions over a cloud network. The interpretation of the proposed method contributes to better performance in the aforementioned parameters than the existing methodologies. The proposed framework is compared with the conventional method of online transactions using Multi-Factor Authentication (MFA) encompassing the Elliptical Curve Cryptography (ECC). The performance analysis proves that the proposed framework exhibits a high level of security along with reduced computational time, encryption, and decryption cost. The proposed work is interpreted with sample dataset and the computational time is reduced.
... The strategy consists of four stages: identify authentication, key agreement, critical update, and communication protocol. Marian et al. in [19] experimented on DNP3 protocol using digital signatures. IEC 60870-5 Protocol The International Electro-Technical Commission (IEC) 60870-5 protocol also follows EPA model. ...
... Moreover, NIDS provides real-time detection, and it is hard to remove evidence of NIDS. NIDS such as Snort 19 and Zeek 20 use rule sets that define a type of intrusion or unacceptable behaviors such as a port scan or a Denial-of-Service (DoS) attack attempt. Shekari et al. [85] proposed a radio frequency-based distributed intrusion detection system (RFDIDS) for SCADA systems. ...
... 18 https://github.com/ossec/ossec-hids . 19 https://www.snort.org/ . 20 https://www.zeek.org/ . ...
Article
Pipeline bursting, production lines shut down, frenzy traffic, trains confrontation, the nuclear reactor shut down, disrupted electric supply, interrupted oxygen supply in ICU - these catastrophic events could result because of an erroneous SCADA system/ Industrial Control System (ICS). SCADA systems have become an essential part of automated control and monitoring of Critical Infrastructures (CI). Modern SCADA systems have evolved from standalone systems into sophisticated, complex, open systems connected to the Internet. This geographically distributed modern SCADA system is more vulnerable to threats and cyber attacks than traditional SCADA. Traditional SCADA systems were less exposed to Internet threats as they operated on isolated networks. Over the years, an increase in the number of cyber-attacks against the SCADA systems seeks security researchers’ attention towards their security. In this review paper, we first review the SCADA system architectures and comparative analysis of proposed/implemented communication protocols, followed by attacks on such systems to understand and highlight the evolving security needs for SCADA systems. A short investigation of the current state of intrusion detection techniques in SCADA systems is done, followed by a brief study of testbeds for SCADA systems. The cloud and Internet of things (IoT) based SCADA systems are studied by analyzing modern SCADA systems’ architecture. In the end, the review paper highlights the critical research problems that need to be resolved to close the security gaps in SCADA systems.
... Signature-based methods use fixed signatures to detect known attacks. However, this method is inefficient in detecting unknown or new attacks (Marian et al. (2020)). The learning-based industrial control anomaly detection technology can identify the anomaly data by extracting the key features of similar samples as the classification basis. ...
Article
Industrial control network is a direct interface between information system and physical control process. Due to the lack of authentication, encryption, and other necessary security protection designs, it has become the main target of malicious attacks under the trend of increasing openness. In order to protect the industrial control systems, we examine the detection of abnormal traffic in industrial control network and propose a method of detecting abnormal traffic in industrial control network based on autoencoder technology. What is more, a new deep autoencoder model was designed to reduce the dimensionality of traffic data in industrial control network. In this article, the Kullback–Leibler divergence was added to the loss function to improve the ability of feature extraction and the ability to recover raw data. Finally, this model was compared with the traditional data dimensionality reduction method (principal component analysis (PCA), independent component analysis, and singular value decomposition) on gas pipeline dataset. The results show that the approach designed in this article outperforms the three methods in different scenes in terms of F1 score.
Conference Paper
The advancement of technology has an influence on consumers' decision to switch from executing your financial information in a conventional way to doing so online. Contracts are encouraged by the use of cloud computers or its key feature of accessibility from everywhere. The enormous amount of data handled by the cloud platform used to facilitate money transfers necessitates maintaining a high degree of security for all those important passwords stored there. Although the conventional authentication methods continue to work well in protecting data in cloud, more sophisticated cyber attacks against cloud-based storage of information still exist. Additionally, using typical cryptographic primitives to secure cloud data requires a significant amount of operation time due to the need to execute verification checks for both valid and illegitimate access control.