A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation

Bibliographic details
Main author: Rosa, Luís
Publication date: 2019
Other authors: Freitas, Miguel; Mazo, Sergey; Monteiro, Edmundo; Cruz, Tiago; Simões, Paulo
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10316/101586
https://doi.org/10.1109/ACCESS.2019.2906926
Abstract: It is an established fact that the security of Industrial Automation and Control Systems (IACS) strongly depends on the robustness of the underlying supervisory control and data acquisition (SCADA) network protocols (among other factors). This becomes especially evident when considering the extent to which certain protocols, designed with poor or nonexistent security mechanisms, have led to a considerable number of past incident reports affecting critical infrastructures and essential services. Considering the current situation, it is rather obvious why the proper auditing and analysis of SCADA protocols are considered key when it comes to designing and/or protecting IACS infrastructures. However, while the security of some protocols, such as Modbus or DNP3, has already been extensively analyzed, the same cannot be said for other protocols and technologies used in the same domain that have not received the same amount of attention. In this paper, we provide a comprehensive security analysis of the PCOM SCADA protocol, including a dissection of PCOM, a demonstration of several attack scenarios on PCOM-based systems, and also an analysis of possible mitigation strategies against these potential attacks. Moreover, this paper also describes a number of open-source tools that we developed for further analysis and research of PCOM security aspects, including a PCOM Wireshark dissector, an Nmap NSE PCOM scan, multiple Metasploit PCOM modules, a set of Snort PCOM rules, and several network traffic datasets containing multiple samples of different types of PCOM operations.
Keywords: SCADA, security, PCOM, ICS, IACS
ISSN: 2169-3536
Rights: open access