A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation

It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered key when it comes to designing and/or protecting IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention.

In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attack scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, an Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traffic datasets containing multiple samples of different types of PCOM operations.

Bibliographic Details
Main Authors: Luis Rosa (ORCID 0000-0002-8230-4045), Miguel Freitas, Sergey Mazo, Edmundo Monteiro, Tiago Cruz (ORCID 0000-0001-9278-6503), Paulo Simoes
Affiliations: Centre for Informatics and Systems, University of Coimbra, Coimbra, Portugal (Rosa, Freitas, Monteiro, Cruz, Simoes); Israel Electric Corporation, Haifa, Israel (Mazo)
Format: Article
Language: English
Published: IEEE 2019-01-01
Series: IEEE Access, vol. 7, pp. 42156-42168
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2019.2906926
Subjects: SCADA, security, PCOM, ICS, IACS
Online Access: https://ieeexplore.ieee.org/document/8672892/
DOAJ record: doaj-0e7a40572c9c4fbd97ad5c228827001a