Security Analysis of Multilayer SCADA Protocols

  • Janica Edmonds
  • Mauricio Papa
  • Sujeet Shenoi
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

The layering of protocols in critical infrastructure networks – exemplified by Modbus TCP in the oil and gas sector and SS7oIP in the telecommunications sector – raises important security issues. The individual protocol stacks, e.g., Modbus and SS7, have certain vulnerabilities, and transporting these protocols using carrier protocols, e.g., TCP/IP, brings into play the vulnerabilities of the carrier protocols. Moreover, the layering produces unintended inter-protocol interactions and, possibly, new vulnerabilities. This paper describes a formal methodology for evaluating the security of multilayer SCADA protocols. The methodology, involving the analysis of peer-to-peer communications and multilayer protocol interactions, is discussed in the context of Modbus TCP, the predominant protocol used for oil and gas pipeline operations.

Keywords: Multilayer protocols, Modbus TCP, security analysis, formal methods
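The abstract treats Modbus TCP as a Modbus PDU carried inside a TCP/IP stream and singles out inter-layer interactions as a source of new weaknesses. The checker below is an added illustration of that layering, not code from the paper or its authors: it splits a TCP byte stream into Modbus TCP ADUs using the MBAP header and records the cross-layer inconsistencies a protocol monitor would want flagged (an MBAP length that cannot be reconciled with what TCP delivered, a non-zero protocol identifier, request quantities outside the specification's limits). Field layouts and limits follow the public Modbus application and TCP implementation guides; the sample frames, the `Frame` class and the function names are constructed for this example.

```python
"""Modbus TCP framing checker (added example, not from the paper).

MBAP header over TCP: transaction id (2), protocol id (2, must be 0),
length (2, counts unit id + PDU), unit id (1); the PDU follows with a
function code byte and data.  Sample traffic here is constructed.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MBAP_LEN = 7   # transaction id + protocol id + length + unit id
MAX_PDU = 253  # Modbus PDU limit, so a TCP ADU is at most 260 bytes

# Read function codes and the maximum quantity each may request.
READ_LIMITS = {1: 2000, 2: 2000, 3: 125, 4: 125}


@dataclass
class Frame:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: Optional[int]   # None when the PDU could not be delimited
    data: bytes
    issues: List[str] = field(default_factory=list)


def check_pdu(fc: int, data: bytes) -> List[str]:
    """Application-layer sanity checks on the PDU carried by one MBAP frame."""
    issues = []
    if fc == 0:
        issues.append("function code 0 is invalid")
    elif fc & 0x80:
        # Exception response: request code + 0x80 followed by one exception byte.
        if len(data) != 1:
            issues.append(f"exception response 0x{fc:02x} has {len(data)} data bytes")
    elif fc in READ_LIMITS:
        if len(data) != 4:
            issues.append(f"fc {fc} request needs 4 data bytes, got {len(data)}")
        else:
            _start, qty = struct.unpack(">HH", data)
            if not 1 <= qty <= READ_LIMITS[fc]:
                issues.append(f"fc {fc} quantity {qty} out of range")
    return issues


def parse_stream(buf: bytes) -> Tuple[List[Frame], bytes]:
    """Split a TCP payload into ADUs; return frames plus unconsumed trailing bytes.

    TCP gives no message boundaries, so several ADUs may share a segment or
    one ADU may be split across segments; the MBAP length field is the only
    thing that delimits them, which is exactly the cross-layer dependency
    the checks below guard.
    """
    frames: List[Frame] = []
    off = 0
    while len(buf) - off >= MBAP_LEN:
        tid, pid, length, uid = struct.unpack_from(">HHHB", buf, off)
        issues = []
        if pid != 0:
            issues.append(f"protocol id {pid} != 0")
        if length < 2 or length - 1 > MAX_PDU:
            # Length must cover unit id + function code and fit the PDU limit.
            # An untrustworthy length means no reliable frame boundary (and a
            # huge one would make a naive reassembler buffer indefinitely), so
            # record the frame and discard the rest of this segment.
            issues.append(f"length {length} out of range for a Modbus ADU")
            frames.append(Frame(tid, pid, length, uid, None, b"", issues))
            off = len(buf)
            break
        end = off + 6 + length          # length counts unit id + PDU
        if end > len(buf):
            break                       # incomplete ADU; wait for more TCP data
        pdu = buf[off + MBAP_LEN:end]
        fc, data = pdu[0], pdu[1:]
        issues += check_pdu(fc, data)
        frames.append(Frame(tid, pid, length, uid, fc, data, issues))
        off = end
    return frames, buf[off:]


def audit(buf: bytes) -> List[str]:
    """Return every finding for a TCP payload as one string per issue."""
    frames, rest = parse_stream(buf)
    out = [f"tid={f.transaction_id}: {i}" for f in frames for i in f.issues]
    if rest:
        out.append(f"{len(rest)} trailing bytes without a complete frame")
    return out


# Constructed sample traffic (not captured from any real device).
READ_HR_REQ = bytes.fromhex("0001 0000 0006 01 03 0000 000a")  # read 10 holding regs
EXC_RESP = bytes.fromhex("0002 0001 0003 01 83 02")            # exception, bad proto id
BAD_QTY = bytes.fromhex("0003 0000 0006 01 03 0000 00c8")      # asks for 200 registers
BAD_LEN = bytes.fromhex("0004 0000 0001 01") + b"\x03\x00"     # length cannot hold a PDU

if __name__ == "__main__":
    for name, sample in [("two ADUs in one segment", READ_HR_REQ + EXC_RESP),
                         ("split ADU", READ_HR_REQ[:9]),
                         ("bad quantity", BAD_QTY), ("bad length", BAD_LEN)]:
        print(name, audit(sample) or ["ok"])
```

The "split ADU" case is the benign side of the same interaction: a monitor that parsed only per TCP segment would miss the request entirely, so the unconsumed bytes are handed back for the next segment rather than discarded.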





Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Janica Edmonds (1)
  • Mauricio Papa (1)
  • Sujeet Shenoi (1)
  1. Mathematics, University of Tulsa, Tulsa, USA
