Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Aamir Shahzad, Malrey Lee, Young-Keun Lee, Suntae Kim, Naixue Xiong, Jae-Young Choi, Younghwa Cho
Symmetry, 2015
Information technology (IT) security has become a major concern due to the growing demand for information and the massive development of client/server applications for many purposes running on modern IT infrastructure. How has security been taken into account, and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independence and achieving substantial performance? We have found ... to be an absolute security mechanism for client/server architectures, and in this study a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all modes of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.

Keywords: symmetric encryption; asymmetric encryption; hashing; cryptography buffer

Introduction

The MODBUS protocol is part of the supervisory control and data acquisition (SCADA) system, and it is the most commonly used protocol in industrial systems, including the oil and gas industries and power industries [1-4]. The MODBUS protocol offers an application layer (open system interconnection (OSI) model) messaging protocol that constructs the message with implicit function codes and defines communication rules for control systems to supervise and control the overall industrial infrastructure [1,5-7]. Massive progress has been made in terms of improvements in collecting and analyzing data and in developing system controls. As a result, MODBUS has become more prominent in industrial applications and is now employed all over the world [8-12]. The MODBUS protocol typically has two types of communication principals, namely MODBUS serial line and MODBUS Transmission Control Protocol/Internet Protocol (TCP/IP). In the MODBUS serial protocol, protocol messages are transmitted between the main controller and the sub-controller and/or vice versa by employing remote terminal unit (RTU) controller modes over the serial lines.
Usually, the MODBUS message contains three main fields: the recipient address, the protocol data unit (PDU) and the error-checking field. During transmission, the sub-controller address is added in the specified field of the request message, and the corresponding address is placed in the response message to identify the main controller [1]. Nowadays, the MODBUS protocol provides facilities to establish a connection over a local area network (LAN), and the main controller may be connected to a number of sub-controllers, with communication taking place via the Transmission Control Protocol (TCP). In addition, the MODBUS protocol also employs IP interconnectivity between multiple main controllers and sub-controllers, which means that one sub-controller or field device concurrently responds to multiple main controllers and/or multiple sub-controllers are configured with a single main controller in the MODBUS TCP/IP network. During communication, the MODBUS PDU is encapsulated in the TCP payload, and therefore the MODBUS application protocol (MBAP) header is prepended to the original MODBUS application PDU that is used in the MODBUS serial protocol [1,4-8]. The MODBUS TCP/IP protocol provides considerable efficiency for industrial SCADA systems and infrastructure, and the field devices that are connected with one or more main controllers via TCP/IP may be geographically distant [1,5,13-15]. Nevertheless, the increased connectivity over different IP-based non-proprietary networks and the implementation of an open TCP protocol over an Internet connection make the MODBUS protocol vulnerable to several types of security attacks [1,5,8,12,15]. In general, little attention has been paid to security for the MODBUS protocol; that is, the MODBUS protocol was designed with maximum functionality but with little attention to security issues [14-21].
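As an added illustration (not code from the paper), the two framings just described: a serial RTU frame carrying address, PDU and the CRC-16 error-check field, and the same PDU carried over TCP with the 7-byte MBAP header in place of the CRC. The read-holding-registers PDU at the end is a constructed sample.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS (reflected poly 0xA001, init 0xFFFF), the RTU error-check field."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_rtu_frame(unit: int, pdu: bytes) -> bytes:
    """Serial-line frame: recipient address + PDU + CRC (low byte first on the wire)."""
    body = bytes([unit]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))

def rtu_crc_ok(frame: bytes) -> bool:
    """True only if the trailing CRC matches the address+PDU bytes (any bit flip fails)."""
    return len(frame) >= 4 and crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]

def parse_rtu_frame(frame: bytes):
    """Return (unit address, pdu); a modified or truncated frame raises ValueError."""
    if not rtu_crc_ok(frame):
        raise ValueError("CRC mismatch or frame too short")
    return frame[0], frame[1:-2]

def build_tcp_frame(transaction_id: int, unit: int, pdu: bytes) -> bytes:
    """MODBUS TCP: MBAP header (transaction id, protocol id 0, length, unit id) + PDU.
    There is no CRC; TCP's own checksum is relied on for transmission errors."""
    length = len(pdu) + 1          # length field counts the unit id byte plus the PDU
    return struct.pack(">HHHB", transaction_id, 0, length, unit) + pdu

def parse_tcp_frame(frame: bytes):
    """Return (transaction id, unit id, pdu) after checking the MBAP header fields."""
    if len(frame) < 7:
        raise ValueError("frame too short for an MBAP header")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    return tid, unit, frame[7:]

# Constructed sample PDU: function 0x03 (read holding registers), start 0x0000, quantity 2
READ_PDU = bytes([0x03, 0x00, 0x00, 0x00, 0x02])
```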
References [8,12,14,22-26] provide details of surveys conducted on SCADA protocol security issues, in addition to potential attacks that are considered to be harmful for SCADA/MODBUS communication [22]. In general, potential attacks that are considered to be harmful for a SCADA/MODBUS system (or network) are grouped into three types: attacks against the MODBUS protocol specifications, attacks against MODBUS protocol vendor implementations, and attacks against infrastructure or SCADA/MODBUS system components [22,26]. With respect to the first of these, attacks can be categorized into four main parts based on MODBUS protocol communication: interception, interruption, modification and fabrication [22,24]. In other words, MODBUS serial protocol communication includes components such as the main controller, sub-controllers, serial link and messages that may suffer from attacks. Where MODBUS TCP is used, attacks may affect the main controller, sub-controllers, network communication paths and messages. Accordingly, a detailed taxonomy of the attacks has been compiled, and attacks on integrity, authentication, confidentiality and others [22,25,27] are considered to be the most harmful for SCADA/MODBUS communications [23-32]. As a result, SCADA/MODBUS communications have suffered from potential vulnerabilities and attacks that have disrupted the service provided by the protocol as well as the overall SCADA industrial systems [21,22,33-40]. Nowadays, security is considered to be a big challenge for the MODBUS protocol as part of SCADA communication. Real attention is needed to resolve these potential security issues of SCADA/MODBUS communication, and an intelligent mechanism is required for security performance to improve significantly.
The core security mechanisms that have been considered to provide security for traditional networks as well as for critical networks, including SCADA/MODBUS networks, involve the use of cryptography, such as symmetric and asymmetric encryption algorithms [35-40]. Symmetric key mechanisms are rigorous approaches that improve the security of SCADA/MODBUS messages, and these methods provide reliable security even where SCADA needs to carry larger amounts of data in a short session. Usually, an integrated key or session key is employed to secure SCADA communication against attacks, and distribution methods, including centralized and decentralized key distribution, are used to distribute keys securely over channels between the main controller and the sub-controllers (or field devices) and/or vice versa. Several forms of key distribution and management have been developed [41-46]. Decentralized key distribution is considered to be the most reliable scheme; in it, the master keeps control of the key distribution center (KDC), and SCADA transmission occurs between the main controller and the sub-controller(s) [16,41-47]. However, this study employed a static method: keys were generated and distributed statically between participating nodes, such as the main controller and the sub-controllers. A certificate authority (CA) is not covered in this study; this is a limitation that should be addressed as future work. Cryptography has been considered to provide the most accurate method to improve security in traditional and in real-time networks [25,29-31,35-40]. These security schemes have several advantages relative to other well-known security approaches, including Secure Sockets Layer/Transport Layer Security (SSL/TLS), Internet Protocol Security (IPSec), Secure Shell (SSH), security patterns and others.
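The paragraph above combines a statically distributed symmetric key with hashing to protect MODBUS messages against the modification and fabrication attacks listed earlier. The following is an added illustration of that idea, not the paper's own scheme (which the page does not detail): a keyed hash (HMAC-SHA256) over a MODBUS TCP frame under a pre-shared key, with a constant-time check on receipt. The key, PDU and tag length are constructed assumptions.

```python
import hmac
import hashlib
import struct

# Constructed pre-shared key; stands in for the statically distributed key the study
# describes. A real deployment provisions it out of band, never in source.
PSK = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
TAG_LEN = 16   # HMAC-SHA256 truncated to 16 bytes and appended after the PDU

def mbap_frame(tid: int, unit: int, pdu: bytes) -> bytes:
    """Plain MODBUS TCP frame: MBAP header (tid, protocol id 0, length, unit id) + PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def protect(frame: bytes, key: bytes = PSK) -> bytes:
    """Append a truncated HMAC over the whole frame. Covering the header means the
    transaction id and unit id are authenticated along with the function and data."""
    tag = hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]
    return frame + tag

def verify(protected: bytes, key: bytes = PSK):
    """Return the bare frame if the tag is valid under `key`, otherwise None.
    A frame altered in transit, or one produced without the key, fails here."""
    if len(protected) < 7 + TAG_LEN:
        return None
    frame, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return frame

# Constructed sample PDU: function 0x06 (write single register), register 0x0001, value 0x0003
WRITE_PDU = bytes([0x06, 0x00, 0x01, 0x00, 0x03])
```

A tag alone does not reject a replay of a validly tagged frame; a counter or nonce under the MAC is needed for that, which this illustration leaves out.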
These cryptography schemes also offer complete security solutions without any other protocol dependencies [25,29-32]. However, a number of key points should be taken into account during security development for real-time networks such as SCADA systems [29,30]. Asymmetric cryptography uses a number of keys and extensive computation time relative to symmetric key encryption. Therefore, it could be considered an inadequate security solution for some SCADA scenarios [25,27-32]. Existing end-to-end studies [15-17,19-22,25,28-33] have been conducted on cryptography to improve the security of SCADA systems and their protocols. In the end-to-end scenarios, the first messages are generated and communication rules are specified from the
doi:10.3390/sym7031176