Endüstriyel Kontrol Sistemleri ve SCADA Uygulamalarının Siber Güvenliği: Modbus TCP Protokolü Örneği
Abstract
Elektrik
üretim, iletim ve dağıtım sistemleri ulusal güvenlik boyutunda
değerlendirilmekte olup kritik altyapılar olarak tanımlanmaktadır. Bu
sistemlerin izlenmesi ve denetimi Endüstriyel Kontrol Sistemleri (EKS) veya
Danışmalı Kontrol ve Veri Toplama Sistemleri (SCADA) ile sağlanmaktadır. Haberleşme
ve internet teknolojisindeki güncel gelişmelere bağlı olarak EKS/SCADA
sistemleri de bilişim teknolojileriyle entegre çalışır hale gelmiştir. Bu
duruma paralel olarak bilgi ve iletişim teknolojisinde mevcut olan veya ortaya
çıkan güvenlik zafiyetleri SCADA sistemlerini de direkt olarak
etkileyebilmektedir. Bu
nedenle çalışmada, EKS/SCADA sistemlerinin siber güvenliği üzerinde
durulmuş ve bu sistemlerde en fazla kullanılan endüstriyel haberleşme
protokollerinden birisi olan Modbus TCP protokolünde tespit edilen kimlik
doğrulama eksikliğinin istismar edilebildiği ortaya konulmuştur. Bu güvenlik
sorununa çözüm olarak saldırıyı engellemeye veya hafifletmeye yönelik Python
programlama dili kullanılarak bir program yazılmıştır. Önerilen çözüm, çeşitli
testlere tabi tutulmuş ve gerçekleştirilen siber saldırıların engellenebildiği
ispatlanmıştır. Sunulan çalışmanın, EKS/SCADA sistemlerinin ve bu sistemlerin
haberleşmesinde kullanılan endüstriyel protokollerin güvenliğine katkılar
sağlayacağı değerlendirilmektedir.
References
- M. Unver, C. Canbay, “Ulusal ve Uluslararası Boyutlarıyla Si̇ber Güvenli̇k,” 2010.
- R. Sanz, K. Årzén, “Trends in Software and Control,” IEEE Control System Magazine, no. June, 2003.
- R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa, “Security Strategies for SCADA Networks,” Critical Infrastructure Protection, sayı 253, pp. 117–131.
- L. Yanfei, W. Cheng, Y. Chengbo, Q. Xiaojun, “Research on ZigBee Wireless Sensors Network Based on ModBus Protocol,” Proceedings - 2009 International Forum on Information Technology and Applications, sayı 1, 487–490, 2009.
- L. Yanfei and W. Cheng, “An Improved Design of ZigBee Wireless Sensor Network,” 2nd IEEE International Conference on Computer Science and Information Technology, 515–518, 2009.
- R. Bayindir, Ş. Sağıroğlu, A. Özbilen, İ. Çolak, “Investigating Industrial Risks Based on Information Security for Observerable Electrical Energy Distribution System and Suggestions,” Gazi University Journal of Faculty of Engineering and Architecture, 24: 4, 715–723, 2009.
- Q. Xiong et al., “A Vulnerability Detecting Method for Modbus-TCP Based on Smart Fuzzing Mechanism,” IEEE International Conference on Electro Information Technology, 404–409, 2015.
- S. Bhatia, N. Kush, C. Djamaludin, J. Akande, and E. Foo, “Practical Modbus Flooding Attack and Detection”, Conferences in Research and Practice in Information Technology Series, 57–65, 2014.
- W. L. Shang, L. Li, M. Wan, ve P. Zeng (2015). “Security Defense Model of Modbus TCP Communication Based on Zone / Border Rules : Misuse”.
- B. Chen, N. Pattanaik, A. Goulart, K. L. Butler-Purry, ve D. Kundur (2015). “Implementing Attacks for Modbus/TCP Protocol in a Real-Time Cyber Physical System Testbed”, Proceedings - CQR 2015: 2015 IEEE International Workshop Technical Committee on Communications Quality and Reliability.
- G. Dondossola, G. Garrone, J. Szanto, G. Deconinck, T. Loix, ve H. Beitollahi (2009). “ICT Resilience of Power Control Systems: Experimental Results from the Crutial Testbeds”, Proceedings of the International Conference on Dependable Systems and Networks, 554–559.
- G. Dondossola, G. Deconinck, F. Garrone, ve H. Beitollahi (2009). “Testbeds for Assessing Critical Scenarios in Power Control Systems”, 223–234.
- M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga, ve S. Hariri (2011). “A testbed for Analyzing Security of SCADA Control Systems (TASSCS)”, IEEE PES Innovative Smart Grid Technologies Conference Europe, ISGT Europe, 1–7.
- “MODBUS Application Protocol,” Modbus IDA, 1–51, 2006.
- B. Dutertre, “Formal Modeling and Analysis of The Modbus Protocol,” Critical Infrastructure Protection, 189–204, 2007.
- A. Swales, “Open Modbus / Tcp Specification”, Schneider Electric, 1–26, 1999.
- P. Huitsing, R. Chandia, M. Papa, and S. Shenoi, “Attack Taxonomies for The Modbus Protocols,” nternational Journal of Critical Infrastructure Protection, 37–44, 2008.
- “MODBUS over Serial Line–Specification and Implementation Guide,” 2002.
- T. H. Morris, “On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control,” 9: 1, 37–56, 2009.
- İnternet: http://www.modbustools.com/download.html, “Modbus Poll Simulator.” Erişim Tarihi: 25-May-2017.
Abstract
Electrical
energy generation, transmission and distribution systems are evaluated in terms
of national security dimension and defined as critical infrastructures.
Monitoring and controlling of these systems is provided by Industrial Control
Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems. According
to the latest advances in communication and internet technology, ICS/SCADA
systems have started to become integrated with these systems. As a result of
this situation, current or existing vulnerabilities in information and
communication technology affect to SCADA systems directly. Therefore, this
paper focuses on the cyber security of ICS/SCADA systems. It has been proved
that the lack of authentication detected in Modbus TCP protocol, one of the
most used in ICS/SCADA systems, can be exploited. In order to solve this
security issue, a software is developed using the Python programming language
for blocking or mitigating the cyber attacks. The proposed solution is
subjected to several tests and results show that the attacks can be prevented
successfully. Thus, it is considered that the proposed work will contribute to
the security of ICS/SCADA systems and the industrial protocols using for communicating
these systems.
References
- M. Unver, C. Canbay, “Ulusal ve Uluslararası Boyutlarıyla Si̇ber Güvenli̇k,” 2010.
- R. Sanz, K. Årzén, “Trends in Software and Control,” IEEE Control System Magazine, no. June, 2003.
- R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa, “Security Strategies for SCADA Networks,” Critical Infrastructure Protection, sayı 253, pp. 117–131.
- L. Yanfei, W. Cheng, Y. Chengbo, Q. Xiaojun, “Research on ZigBee Wireless Sensors Network Based on ModBus Protocol,” Proceedings - 2009 International Forum on Information Technology and Applications, sayı 1, 487–490, 2009.
- L. Yanfei and W. Cheng, “An Improved Design of ZigBee Wireless Sensor Network,” 2nd IEEE International Conference on Computer Science and Information Technology, 515–518, 2009.
- R. Bayindir, Ş. Sağıroğlu, A. Özbilen, İ. Çolak, “Investigating Industrial Risks Based on Information Security for Observerable Electrical Energy Distribution System and Suggestions,” Gazi University Journal of Faculty of Engineering and Architecture, 24: 4, 715–723, 2009.
- Q. Xiong et al., “A Vulnerability Detecting Method for Modbus-TCP Based on Smart Fuzzing Mechanism,” IEEE International Conference on Electro Information Technology, 404–409, 2015.
- S. Bhatia, N. Kush, C. Djamaludin, J. Akande, and E. Foo, “Practical Modbus Flooding Attack and Detection”, Conferences in Research and Practice in Information Technology Series, 57–65, 2014.
- W. L. Shang, L. Li, M. Wan, ve P. Zeng (2015). “Security Defense Model of Modbus TCP Communication Based on Zone / Border Rules : Misuse”.
- B. Chen, N. Pattanaik, A. Goulart, K. L. Butler-Purry, ve D. Kundur (2015). “Implementing Attacks for Modbus/TCP Protocol in a Real-Time Cyber Physical System Testbed”, Proceedings - CQR 2015: 2015 IEEE International Workshop Technical Committee on Communications Quality and Reliability.
- G. Dondossola, G. Garrone, J. Szanto, G. Deconinck, T. Loix, ve H. Beitollahi (2009). “ICT Resilience of Power Control Systems: Experimental Results from the Crutial Testbeds”, Proceedings of the International Conference on Dependable Systems and Networks, 554–559.
- G. Dondossola, G. Deconinck, F. Garrone, ve H. Beitollahi (2009). “Testbeds for Assessing Critical Scenarios in Power Control Systems”, 223–234.
- M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga, ve S. Hariri (2011). “A testbed for Analyzing Security of SCADA Control Systems (TASSCS)”, IEEE PES Innovative Smart Grid Technologies Conference Europe, ISGT Europe, 1–7.
- “MODBUS Application Protocol,” Modbus IDA, 1–51, 2006.
- B. Dutertre, “Formal Modeling and Analysis of The Modbus Protocol,” Critical Infrastructure Protection, 189–204, 2007.
- A. Swales, “Open Modbus / Tcp Specification”, Schneider Electric, 1–26, 1999.
- P. Huitsing, R. Chandia, M. Papa, and S. Shenoi, “Attack Taxonomies for The Modbus Protocols,” nternational Journal of Critical Infrastructure Protection, 37–44, 2008.
- “MODBUS over Serial Line–Specification and Implementation Guide,” 2002.
- T. H. Morris, “On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control,” 9: 1, 37–56, 2009.
- İnternet: http://www.modbustools.com/download.html, “Modbus Poll Simulator.” Erişim Tarihi: 25-May-2017.
Details
| Primary Language | Turkish |
|---|---|
| Subjects | Engineering |
| Journal Section | Tasarım ve Teknoloji |
| Authors | |
| Publication Date | March 30, 2018 |
| Submission Date | December 11, 2017 |
| Published in Issue | Year 2018 Volume: 6 Issue: 1 |
