A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation
Autor(a) principal: | |
---|---|
Data de Publicação: | 2019 |
Outros Autores: | , , , , |
Tipo de documento: | Artigo |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10316/101586 https://doi.org/10.1109/ACCESS.2019.2906926 |
Resumo: | It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered as key when it comes to design and/or protect IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traf c datasets containing multiple samples of different types of PCOM operations. |
id |
RCAP_32def30a94929878d4b300c65571606a |
---|---|
oai_identifier_str |
oai:estudogeral.uc.pt:10316/101586 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to MitigationSCADAsecurityPCOMICSIACSIt is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered as key when it comes to design and/or protect IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traf c datasets containing multiple samples of different types of PCOM operations.2019info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttp://hdl.handle.net/10316/101586http://hdl.handle.net/10316/101586https://doi.org/10.1109/ACCESS.2019.2906926eng2169-3536Rosa, LuísFreitas, MiguelMazo, SergeyMonteiro, EdmundoCruz, TiagoSimões, Pauloinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2022-09-01T20:46:26Zoai:estudogeral.uc.pt:10316/101586Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T21:18:44.820688Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
spellingShingle |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation Rosa, Luís SCADA security PCOM ICS IACS |
title_short |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_full |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_fullStr |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_full_unstemmed |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
title_sort |
A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation |
author |
Rosa, Luís |
author_facet |
Rosa, Luís Freitas, Miguel Mazo, Sergey Monteiro, Edmundo Cruz, Tiago Simões, Paulo |
author_role |
author |
author2 |
Freitas, Miguel Mazo, Sergey Monteiro, Edmundo Cruz, Tiago Simões, Paulo |
author2_role |
author author author author author |
dc.contributor.author.fl_str_mv |
Rosa, Luís Freitas, Miguel Mazo, Sergey Monteiro, Edmundo Cruz, Tiago Simões, Paulo |
dc.subject.por.fl_str_mv |
SCADA security PCOM ICS IACS |
topic |
SCADA security PCOM ICS IACS |
description |
It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered as key when it comes to design and/or protect IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies being used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attacks scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, a Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traf c datasets containing multiple samples of different types of PCOM operations. |
publishDate |
2019 |
dc.date.none.fl_str_mv |
2019 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10316/101586 http://hdl.handle.net/10316/101586 https://doi.org/10.1109/ACCESS.2019.2906926 |
url |
http://hdl.handle.net/10316/101586 https://doi.org/10.1109/ACCESS.2019.2906926 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2169-3536 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134082186084352 |