In the past, the security of industrial control systems was guaranteed by their obscurity. However, as devices of industrial control systems became more varied and interaction between these devices became necessary, effective management systems for such networks emerged. This triggered the need for cyber-physical systems that connect industrial control system networks and external system networks. The standards for the protocols in industrial control systems explain security functions in detail, but many devices still use nonsecure communication because it is difficult to update existing equipment. Given this situation, a number of studies are being conducted to detect attacks against industrial control system protocols, but these studies consider only data payloads without considering the case that industrial control systems' availability is infringed owing to packet reassembly failures. Therefore, with regard to the DNP3 protocol, which is used widely in industrial control systems, this paper describes attacks that can result in packet reassembly failures, proposes a countermeasure, and tests the proposed countermeasure by conducting actual attacks and recoveries. The detection of a data payload should be conducted after ensuring the availability of an industrial control system by using this type of countermeasure.
Sungmoon KWON
Ajou University
Hyunguk YOO
Ajou University
Taeshik SHON
Ajou University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Sungmoon KWON, Hyunguk YOO, Taeshik SHON, "Recovery Measure against Disabling Reassembly Attack to DNP3 Communication" in IEICE TRANSACTIONS on Information, vol. E100-D, no. 8, pp. 1790-1797, August 2017, doi: 10.1587/transinf.2016ICP0026.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2016ICP0026/_p
@ARTICLE{e100-d_8_1790,
author={Sungmoon KWON and Hyunguk YOO and Taeshik SHON},
journal={IEICE TRANSACTIONS on Information},
title={Recovery Measure against Disabling Reassembly Attack to DNP3 Communication},
year={2017},
volume={E100-D},
number={8},
pages={1790-1797},
keywords={},
doi={10.1587/transinf.2016ICP0026},
ISSN={1745-1361},
month={August},}
TY - JOUR
TI - Recovery Measure against Disabling Reassembly Attack to DNP3 Communication
T2 - IEICE TRANSACTIONS on Information
SP - 1790
EP - 1797
AU - Sungmoon KWON
AU - Hyunguk YOO
AU - Taeshik SHON
PY - 2017
DO - 10.1587/transinf.2016ICP0026
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2017
ER -