A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation
It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent t...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2019-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8672892/ |
id |
doaj-0e7a40572c9c4fbd97ad5c228827001a |
---|---|
record_format |
Article |
spelling |
doaj-0e7a40572c9c4fbd97ad5c228827001a2021-03-29T22:46:09ZengIEEEIEEE Access2169-35362019-01-017421564216810.1109/ACCESS.2019.29069268672892A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to MitigationLuis Rosa0https://orcid.org/0000-0002-8230-4045Miguel Freitas1Sergey Mazo2Edmundo Monteiro3Tiago Cruz4https://orcid.org/0000-0001-9278-6503Paulo Simoes5Centre for Informatics and Systems, University of Coimbra, Coimbra, PortugalCentre for Informatics and Systems, University of Coimbra, Coimbra, PortugalIsrael Electric Corporation, Haifa, IsraelCentre for Informatics and Systems, University of Coimbra, Coimbra, PortugalCentre for Informatics and Systems, University of Coimbra, Coimbra, PortugalCentre for Informatics and Systems, University of Coimbra, Coimbra, PortugalIt is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered as key when it comes to design and/or protect IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traffic datasets containing multiple samples of different types of PCOM operations.https://ieeexplore.ieee.org/document/8672892/SCADAsecurityPCOMICSIACS |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Luis Rosa Miguel Freitas Sergey Mazo Edmundo Monteiro Tiago Cruz Paulo Simoes |
spellingShingle |
Luis Rosa Miguel Freitas Sergey Mazo Edmundo Monteiro Tiago Cruz Paulo Simoes A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation IEEE Access SCADA security PCOM ICS IACS |
author_facet |
Luis Rosa Miguel Freitas Sergey Mazo Edmundo Monteiro Tiago Cruz Paulo Simoes |
author_sort |
Luis Rosa |
title |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_short |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_full |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_fullStr |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_full_unstemmed |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_sort |
comprehensive security analysis of a scada protocol: from osint to mitigation |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2019-01-01 |
description |
It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered as key when it comes to design and/or protect IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traffic datasets containing multiple samples of different types of PCOM operations. |
topic |
SCADA security PCOM ICS IACS |
url |
https://ieeexplore.ieee.org/document/8672892/ |
work_keys_str_mv |
AT luisrosa acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT miguelfreitas acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT sergeymazo acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT edmundomonteiro acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT tiagocruz acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT paulosimoes acomprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT luisrosa comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT miguelfreitas comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT sergeymazo comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT edmundomonteiro comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT tiagocruz comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation AT paulosimoes comprehensivesecurityanalysisofascadaprotocolfromosinttomitigation |
_version_ |
1724190874610434048 |