Application Filters for TCP/IP Industrial Automation Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6027)

Abstract

Firewalls are commonly used to protect Automation Technology (AT) networks from Information Technology (IT) networks. This work proposes a filtering system for TCP/IP-based automation networks in which only certain kinds of industrial traffic are permitted. All network traffic that does not conform to a proper industrial protocol pattern, or to specific rules for its actions, is considered abnormal and must be blocked. As a case study, we developed a layer-seven firewall application able to block spurious traffic, using an IP packet queueing engine and a regular expression library.
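The default-deny decision described in the abstract can be sketched as follows. This is an added example, not the paper's code: it assumes Modbus/TCP as the industrial protocol, uses Python's `re` in place of the paper's regular expression library, works on the TCP payload only (no packet-queue integration), and the `RULES` policy and sample frames are constructed.

```python
import re
import struct

# Structural pattern for a Modbus/TCP request ADU: transaction id (2 bytes),
# protocol id (2, always zero), length (2, high byte zero because an ADU is at
# most 260 bytes), unit id (1), function code (1), then the request data.
ADU = re.compile(
    rb"\A(?P<tid>..)\x00\x00(?P<len>\x00.)(?P<unit>.)(?P<fc>.)(?P<data>.*)\Z",
    re.DOTALL,  # payload bytes such as 0x0a must still match "."
)

# Constructed action policy: function code -> predicate over the two 16-bit fields.
RULES = {
    0x03: lambda addr, qty: 1 <= qty <= 125 and addr + qty <= 100,  # read registers 0..99
    0x06: lambda addr, val: addr == 10 and 0 <= val <= 500,         # write register 10 only
}

def verdict(payload: bytes) -> str:
    """Return 'ACCEPT' or 'DROP' for one TCP payload; anything unmatched is dropped."""
    m = ADU.match(payload)
    if m is None:
        return "DROP"                      # does not look like Modbus/TCP
    (length,) = struct.unpack(">H", m["len"])
    if length != len(payload) - 6:
        return "DROP"                      # length field disagrees with the bytes present
    rule = RULES.get(m["fc"][0])
    if rule is None or len(m["data"]) != 4:
        return "DROP"                      # function not whitelisted, or wrong request size
    addr, arg = struct.unpack(">HH", m["data"])
    return "ACCEPT" if rule(addr, arg) else "DROP"

# Constructed sample payloads (hex) for illustration.
SAMPLES = {
    "read 10 registers from 0": bytes.fromhex("00010000000601030000000a"),
    "write 300 to register 10": bytes.fromhex("000200000006010600 0a012c".replace(" ", "")),
    "write 300 to register 11": bytes.fromhex("0003000000060106000b012c"),
    "diagnostics (fc 0x08)":    bytes.fromhex("000400000006010800000000"),
    "bad length field":         bytes.fromhex("00050000000901030000000a"),
    "HTTP request":             b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{verdict(payload):6} {name}")
```

In a deployment of the kind the abstract describes, `verdict` would be called on each queued packet's payload and its result returned to the kernel as the accept or drop decision.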

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Batista, A.B., Kobayashi, T.H., Medeiros, J.P.S., Brito, A.M., Motta Pires, P.S. (2010). Application Filters for TCP/IP Industrial Automation Protocols. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_10

  • DOI: https://doi.org/10.1007/978-3-642-14379-3_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14378-6

  • Online ISBN: 978-3-642-14379-3

  • eBook Packages: Computer Science, Computer Science (R0)
