Abstract

Abstract: SCADA ( Supervisory control and data acquisition) is a system which allows a control of remote industrial equipments, over a communication channel. These legacy communication channels were designed before the cyber space era,and hence they lack any security measures in their network which makes them vulnerable to any cyber attack. RasGas a joint venture between QP and ExxonMobil, was one victim of such attack, it was hit with an unknown virus. The nuclear facility in Iran was hit with a virus called “Stuxnet”, it particulary targets Siemens industrial control systems. The goal of this project is to design a model of a SCADA system that is secured against network attacks. Lets consider for example a simple SCADA system which consist of a Water tank in a remote location and a local control room. the operator controls the water level and temperature using a control panel. The communication channels uses a TCP/IP , protocols through WIFI. The operator raises the temperature of the water by raising the power of the heater, then reads the real temperature of the heater and the water via installed sensors. We consider a man-In-The middle (Adversary) which has access to the network through WIFI. With basic skills s/he is able to redirects tcp/ip traffic to his machine (tapping) and alter data. He can for instance raise water level to reach overflow, or increase the temperature above the "danger zone", and sends back fake sensors data by modifying their response. We introduce an encryption device that encrypt the data such that without the right security credentials , the adversary wont be able to interpret the data and hence not able to modify it. The device is installed at both the control room and the remote tank, and we assume both places are physically secured. To demonstrate the Model. We design and setup a SCADA Model emulator server, that represents and serves as a Water tank, which consists of actuators and sensors. Which is connected to a work station through a network switch. We also setup an adversary workstation that taps and alters the communication between them. We Design Two hardware encryption/decryption devices using FPGA boards and connect them at the ports of both the server and control workstation which we assume to be in a secured zone. and then we analyze the flow of data stream through both secured and non secured state of the channel.

Loading

Article metrics loading...

/content/papers/10.5339/qfarc.2014.ITPP1036
2014-11-18
2024-03-29
Loading full text...

Full text loading...

http://instance.metastore.ingenta.com/content/papers/10.5339/qfarc.2014.ITPP1036
Loading

Most Cited Most Cited RSS feed