{"title":"Security Enhancement of Industrial Modbus Message Transmission with Proxy Approach","authors":"Yih-Chuan Lin, Ci-Fong Lin, Kevin Chen","doi":"10.1109/ECICE52819.2021.9645741","DOIUrl":null,"url":null,"abstract":"This paper presents an approach to improve the cybersecurity of Modbus protocol in industrial control systems by the security proxy strategy, which helps Modbus used in SCADA systems be more capable of dealing with malicious intrusion threats from external networks to the SCADA environment. On designing the security control scheme, there is one critical requirement taken into consideration for minimally changing the original configuration of SCADA systems. To validate the feasibility of the proposed security proxy approach, techniques for protecting the privacy and integrity of Modbus protocol messages are implemented in the proxy functions. Advanced encryption system (AES) is adopted by the proxy function to encrypt the messages before transmitting to prevent commands or data from being interpreted easily. In addition, the hash function is employed to generate an authentication token to make sure the received message is the same as the sender sent. The extra processing delay time required for each Modbus message after passing through the proxy functions is treated as the important factor for the success of the proposed approach in SCADA systems. Based on the experiments with replay and man-in-the-middle (MITM) attacks, satisfactory results are obtained, demonstrating the usefulness of applying the proposed security approach to network-based SCADA systems.","PeriodicalId":176225,"journal":{"name":"2021 IEEE 3rd Eurasia Conference on IOT, Communication and Engineering (ECICE)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 3rd Eurasia Conference on IOT, Communication and Engineering (ECICE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECICE52819.2021.9645741","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
This paper presents an approach to improve the cybersecurity of Modbus protocol in industrial control systems by the security proxy strategy, which helps Modbus used in SCADA systems be more capable of dealing with malicious intrusion threats from external networks to the SCADA environment. On designing the security control scheme, there is one critical requirement taken into consideration for minimally changing the original configuration of SCADA systems. To validate the feasibility of the proposed security proxy approach, techniques for protecting the privacy and integrity of Modbus protocol messages are implemented in the proxy functions. Advanced encryption system (AES) is adopted by the proxy function to encrypt the messages before transmitting to prevent commands or data from being interpreted easily. In addition, the hash function is employed to generate an authentication token to make sure the received message is the same as the sender sent. The extra processing delay time required for each Modbus message after passing through the proxy functions is treated as the important factor for the success of the proposed approach in SCADA systems. Based on the experiments with replay and man-in-the-middle (MITM) attacks, satisfactory results are obtained, demonstrating the usefulness of applying the proposed security approach to network-based SCADA systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
