Security Analysis of Multilayer SCADA Protocols
The layering of protocols in critical infrastructure networks, exemplified by Modbus TCP in the oil and gas sector and SS7 over IP (SS7oIP) in the telecommunications sector, raises important security issues. The individual protocols, e.g., Modbus and SS7, have vulnerabilities of their own, and transporting them over carrier protocols such as TCP/IP adds the vulnerabilities of the carrier protocols. Moreover, the layering produces unintended inter-protocol interactions and, possibly, new vulnerabilities. This paper describes a formal methodology for evaluating the security of multilayer SCADA protocols. The methodology, which analyzes both peer-to-peer communications and multilayer protocol interactions, is discussed in the context of Modbus TCP, the predominant protocol used for oil and gas pipeline operations.
Keywords: Multilayer protocols, Modbus TCP, security analysis, formal methods
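As an added illustration of the cross-layer dependency the abstract describes (this is example code written for this page, not code from the paper or its authors), the following Python reassembles Modbus TCP ADUs from a TCP byte stream using only the MBAP length field, then applies a write-function policy keyed on the carrier-layer source address, the only identity Modbus TCP itself provides. The IP addresses, transaction ids, register addresses and values are constructed sample data, and the allow-list and the `audit_stream` helper are assumptions of the example, not anything taken from the paper.

```python
import struct
from dataclasses import dataclass
from typing import List, Set, Tuple

MBAP_LEN = 7              # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MODBUS_PROTOCOL_ID = 0    # the only protocol id defined for Modbus TCP
MAX_MBAP_LENGTH = 254     # 260-byte maximum ADU minus the 6 header bytes not counted by the field
# Public function codes that modify coils or registers: write single coil, write single
# register, write multiple coils, write multiple registers, mask write register,
# read/write multiple registers.
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}


@dataclass
class ModbusADU:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def build_request(transaction_id: int, unit_id: int, function_code: int, data: bytes) -> bytes:
    """Encode a Modbus TCP ADU: MBAP header followed by the PDU."""
    pdu = bytes([function_code]) + data
    # The MBAP length field counts the unit id plus the PDU that follows it.
    return struct.pack(">HHHB", transaction_id, MODBUS_PROTOCOL_ID, len(pdu) + 1, unit_id) + pdu


class MbapFramer:
    """Reassemble Modbus TCP ADUs from a TCP byte stream.

    Modbus TCP has no delimiter; the MBAP length field is the only framing
    information, so one TCP segment may carry several ADUs and one ADU may be
    split across segments. Every application-layer check (function-code policy,
    matching responses to requests by transaction id) depends on this
    reassembly being done the same way the device at the other end does it.
    """

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, segment: bytes) -> List[ModbusADU]:
        self.buf += segment
        adus = []
        while len(self.buf) >= MBAP_LEN:
            tid, pid, length, uid = struct.unpack(">HHHB", self.buf[:MBAP_LEN])
            if pid != MODBUS_PROTOCOL_ID:
                raise ValueError(f"unexpected MBAP protocol id {pid}")
            if length < 2 or length > MAX_MBAP_LENGTH:
                # Fewer than 2 leaves no function code; more than 254 exceeds the spec limit.
                raise ValueError(f"bad MBAP length {length}")
            total = 6 + length
            if len(self.buf) < total:
                break  # the rest of this ADU is still in flight
            pdu = self.buf[MBAP_LEN:total]
            self.buf = self.buf[total:]
            adus.append(ModbusADU(tid, uid, pdu[0], pdu[1:]))
        return adus


def audit_stream(segments: List[bytes], src_ip: str,
                 allowed_writers: Set[str]) -> Tuple[List[ModbusADU], List[str]]:
    """Reassemble a client-to-server stream and flag write requests from hosts
    that are not allowed to write. Modbus TCP carries no authentication of its
    own, so the source address supplied by the carrier layer is the only
    identity available to the policy (an assumed allow-list, for illustration).
    """
    framer = MbapFramer()
    adus, findings = [], []
    for seg in segments:
        adus.extend(framer.feed(seg))
    for adu in adus:
        if adu.function_code in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            findings.append(f"tid={adu.transaction_id} unit={adu.unit_id} "
                            f"fc=0x{adu.function_code:02x} write from {src_ip}")
    return adus, findings


if __name__ == "__main__":
    # Constructed sample traffic: a read of 10 holding registers followed by a
    # write of register 0x0010, delivered as three TCP segments cut mid-ADU.
    read_req = build_request(1, 1, 0x03, struct.pack(">HH", 0x0000, 10))
    write_req = build_request(2, 1, 0x06, struct.pack(">HH", 0x0010, 0x1234))
    stream = read_req + write_req
    segments = [stream[:5], stream[5:15], stream[15:]]
    adus, findings = audit_stream(segments, "10.0.0.9", {"10.0.0.1"})
    for adu in adus:
        print(adu)
    for finding in findings:
        print("FLAG:", finding)
```

The framer is deliberately strict about the length field: a monitor that accepts lengths the PLC rejects (or vice versa) desynchronizes from the device and can mis-attribute the function codes of every ADU that follows, which is one concrete way a carrier-layer framing detail changes what an application-layer check sees.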