Abstract
The security of Supervisory Control and Data Acquisition (SCADA) systems has become a major worldwide concern in recent years. Several incidents and cyber-attacks have underlined the urgency of securing these systems, which manage important economic infrastructures. The increasing use of wireless sensors also brings their security vulnerabilities into these systems. Several communication protocols have therefore been developed to meet the real-time and security requirements of this kind of system. WirelessHART is the first approved international standard for industrial wireless devices. It implements several mechanisms to ensure hop-by-hop and end-to-end security. Despite these mechanisms, however, it remains possible for an attacker to conduct an attack against such wireless networks. In this paper, we give the first description of a Sybil attack specially tailored to target WirelessHART-based SCADA systems. This attack can lead to harmful consequences such as disturbing the functioning of the infrastructure, interrupting it, or even causing its destruction (for example, overheating of a nuclear reactor).
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Bayou, L., Espes, D., Cuppens-Boulahia, N., Cuppens, F. (2016). Security Issue of WirelessHART Based SCADA Systems. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science(), vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_14
DOI: https://doi.org/10.1007/978-3-319-31811-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31810-3
Online ISBN: 978-3-319-31811-0
eBook Packages: Computer Science (R0)