Scheme to Secure Communication of SCADA Master

advertisement
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월
Scheme to Secure Communication of SCADA Master
Station and Remote HMI’s through Smart Phones
Rosslin John Robles1) and Tai-hoon Kim
2)
Abstract
SCADA is a concept that is used to refer to the management and procurement of data that can be used
in developing process management criteria. The use of the term SCADA varies, depending on location.
Conventionally, SCADA is connected only in a limited private network. Later on, SCADA was connected
through the internet. There are studies and emerging technology on controlling SCADA via mobile phone.
The wireless communication between the mobile phone and the SCADA server can be performed by means
of a base station via general packet radio service (GPRS) and wireless application protocol (WAP). The
internet SCADA facility and the extension of the HMI to mobile phones has brought a lot of advantages
in terms of control, data generation and viewing. As a drawback, come the security issues. In this paper,
we discuss web SCADA and its connectivity, the extended HMI to the mobile phones and the issues
regarding security. We also suggested a security solution using asymmetric-key encryption.
Keywords: SCADA, Web, Control, HMI, Encryption
1. Introduction
SCADA refers to a system that performs the same basic functions, but operates in a number of different
environments as well as a multiplicity of scales. It is so important since it control most of our commodities.
SCADA communications has been Point-to-Multipoint serial communications over lease line or private radio
systems. With the increasing popularity of Internet Protocol (IP), IP Technology has seen increasing use in
SCADA communications. The Internet gave SCADA more scale which makes it provide access to real-time
data display, alarming, trending, and reporting from remote equipment. From the Internet-based system,
extension of HMI’s to mobile phones was introduced.
Mobile phone based SCADA integration using the GPRS or WAP transfer scheme could enhance the
performance of SCADA without causing an increase in the response times of SCADA functions. The operator
Received(April 12, 2011), Review request(April 13, 2011), Review Result(1st: April 25, 2011, 2nd: May 09, 2011)
Accepted(June 30, 2011)
1
306-791, Department of Multimedia Engineering, Hannam University
email: rosslin_john@yahoo.com
2
(Corresponding Author) 306-791 Department of Multimedia Engineering, Hannam University
email: taihoonn@hnu.kr
*This paper has been supported by the 2011 Hannam University Research Fund.
349
Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones
can visualize and modify the plant parameters using his mobile phone, without reaching the site. In this way
maintenance costs can be reduced and productivity can be increased.
On the next sections, SCADA is discussed, the conventional, the Web SCADA and the extended HMI was
also discussed. Advantages which can be attained using those technologies are also covered. Security issues are
being pointed out. The integration of asymmetric key encryption to solve the security problem was introduced
and discussed.
2. Related Technologies
In this section, related Technologies are discussed, Technologies such as Supervisory Control and Data
Acquisition systems or SCADA, Internet SCADA, Asymmetric Encryption and HMI’s through Smart Phones.
2.1 Supervisory Control and Data Acquisition System
Supervisory Control and Data Acquisition (SCADA) existed long time ago when control systems were
introduced. SCADA systems that time use data acquisition by using strip chart recorders, panels of meters, and
lights. Not similar to modern SCADA systems, there is an operator which manually operates various control
knobs exercised supervisory control. These devices are still used to do supervisory control and data acquisition
on power generating facilities, plants and factories. [1][2] Telemetry is automatic transmission and measurement
of data from remote sources by wire or radio or other means. It is also used to send commands, programs and
receives monitoring information from these remote locations. SCADA is the combination of telemetry and data
acquisition. Supervisory Control and Data Acquisition system is compose of collecting of the information,
transferring it to the central site, carrying out any necessary analysis and control and then displaying that
information on the operator screens. The required control actions are then passed back to the process. [3].
Typical SCADA systems include the following components: [4]
1. Operating equipment such as pumps, valves, conveyors and substation breakers that can be controlled by
energizing actuators or relays.
2. Local processors that communicate with the site’s instruments and operating equipment.
3. Instruments in the field or in a facility that sense conditions such as pH, temperature, pressure, power
level and flow rate.
4. Short range communications between the local processors and the instruments and operating equipment.
5. Long range communications between the local processors and host computers.
6. Host computers that act as the central point of monitoring and control.
350
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월
The measurement and control system of SCADA has one master terminal unit (MTU) which could be called
the brain of the system and one or more remote terminal units (RTU). The RTUs gather the data locally and
send them to the MTU which then issues suitable commands to be executed on site. A system of either
standard or customized software is used to collate, interpret and manage the data. Supervisory Control and Data
Acquisition (SCADA) is conventionally set upped in a private network not connected to the internet. This is
done for the purpose of isolating the confidential information as well as the control to the system itself. [2]
Because of the distance, processing of reports and the emerging technologies, SCADA can now be connected
to the internet. This can bring a lot of advantages and disadvantages which will be discussed in the sections.
Conventionally, relay logic was used to control production and plant systems. With the discovery of the CPU
and other electronic devices, manufacturers incorporated digital electronics into relay logic equipment.
Programmable logic controllers or PLC's are still the most widely used control systems in industry. As need to
monitor and control more devices in the plant grew, the PLCs were distributed and the systems became more
intelligent and smaller in size. PLCs (Programmable logic controllers) and DCS (distributed control systems) are
used as shown in the next Figure.
[Fig. 1] Conventional SCADA Architecture
Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports
that are communicated to SCADA as required. Datais then compiled and formatted in such a way that a
control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC)
controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to
allow trending and other analytical auditing. [2]
SCADA systems typically implement a distributed database, commonly referred to as a tag database, which
contains data elements called tags or points. A point represents a single input or output value monitored or
controlled by the system. Points can be either "hard" or "soft". A hard point represents an actual input or
output within the system, while a soft point results from logic and math operations applied to other points.
351
Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones
Points are normally stored as value-time stamp pairs: a value, and the time stamp when it was recorded or
calculated. A series of value-time stamp pairs gives the history of that point. It's also common to store
additional metadata with tags, such as the path to a field device or PLC register, design time comments, and
alarm information. [2]
2.2 Internet SCADA
Conventional SCADA only have 4 components: the master station, plc/rtu, fieldbus and sensors. Internet
SCADA replaces or extends the fieldbus to the internet. This means that the Master Station can be on a
different network or location.
In the next Figure, you can see the architecture of SCADA which is connected through the internet. Like a
normal SCADA, it has RTUs/PLCs/IEDs, The SCADA Service Provider or the Master Station. This also
includes the user-access to SCADA website. This is for the smaller SCADA operators that can avail the
services provided by the SCADA service provider. It can either be a company that uses SCADA exclusively.
Another component of the internet SCADA is the Customer Application which allows report generation or
billing. Along with the fieldbus, the internet is an extension. This is setup like a private network so that only
the master station can have access to the remote assets. The master also has an extension that acts as a web
server so that the SCADA users and customers can access the data through the SCADA provider website. [5]
[Fig. 2] Internet SCADA Architecture [5]
As the system evolves, SCADA systems are coming in line with standard networking technologies. Ethernet
and TCP/IP based protocols are replacing the older proprietary standards. Although certain characteristics of
frame-based network communication technology (determinism, synchronization, protocol selection, environment
suitability) have restricted the adoption of Ethernet in a few specialized applications, the vast majority of
352
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월
markets have accepted Ethernet networks for HMI/SCADA.
A few vendors have begun offering application specific SCADA systems hosted on remote platforms over
the Internet. This removes the need to install and commission systems at the end-user's facility and takes
advantage of security features already available in Internet technology, VPNs and SSL. Some concerns include
security, [6] Internet connection reliability, and latency.
2.3 HMI’s through Smart Phones
These SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, and web based
products are gaining popularity with most major vendors. The increased convenience of end users viewing their
processes remotely introduces security considerations. While these considerations are already considered solved
in other sectors of Internet services, not all entities responsible for deploying SCADA systems have understood
the changes in accessibility and threat scope implicit in connecting a system to the Internet. [6] With some
operators extending the HMI to mobile phones.
There are studies and emerging technology on controlling SCADA via mobile phone. The wireless
communication between the mobile phone and the SCADA server can be performed by means of a base station
via general packet radio service (GPRS) and wireless application protocol (WAP). [7]
[Fig. 3] Internet SCADA Architecture with HMI’s extended to a Smart Phone
Mobile phone based SCADA integration using the GPRS or WAP transfer scheme could enhance the
performance of SCADA without causing an increase in the response times of SCADA functions. The operator
can visualize and modify the plant parameters using his mobile phone, without reaching the site. In this way
maintenance costs can be reduced and productivity can be increased. [7]
2.4 Asymmetric Key Encryprion
353
Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones
Asymmetric key encryption uses different keys for decryption/encryption. These two keys are mathematically
related and they form a key pair. One key is kept private, and is called private-key, and the other can be
made public, called public-key. Hence this is also called Public Key Encryption. Public key can be sent by
mail. A private key is typically used for encrypting the message-digest; in such an application private-key
algorithm is called message-digest encryption algorithm. A public key is typically used for encrypting the
secret-key; in such a application private-key algorithm is called key encryption algorithm. [12]
[Fig. 4] Asymmetric key encryption uses different keys for decryption and encryption
Popular private-key algorithms are RSA and DSA (Digital Signature Algorithm). While for an ordinary use
of RSA, a key size of 768 can be used, but for corporate use a key size of 1024 and for extremely valuable
information a key size of 2048 should be used. Asymmetric key encryption is much slower than symmetric key
encryption and hence they are only used for key exchanges and digital signatures. RSA is an algorithm for
public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and
one of the first great advances in public key cryptography. [8]
RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long
keys and the use of up-to-date implementations. One of the most common digital signature mechanisms, the
Digital Signature Algorithm (DSA) is the basis of the Digital Signature Standard (DSS), a U.S. Government
document. As with other digital signature algorithms, DSA lets one person with a secret key "sign" a
document, so that others with a matching public key can verify it must have been signed only by the holder
of the secret key. Digital signatures depend on hash functions, which are one-way computations done on a
message. [8] They are called "one-way" because there is no known way (without infeasible amounts of
computation) to find a message with a given hash value. In other words, a hash value can be determined for a
given message, but it is not known to be possible to construct any message with a given hash value.
Hash functions are similar to the scrambling operations used in symmetric key encryption, except that there
is no decryption key: the operation is irreversible. The result has a fixed length, which is 160 bits in the case
of the Secure Hash Algorithm (SHA) used by DSA. [8]
354
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월
3. Proposed Scheme and Results
Authentication will be required to access the data and reports so that only users who have enough
permission can access the information. Quality system administration techniques can make all the difference in
security prevention [9]. SCADA web server must always be secure since the data in it are very critical. Web
server security software can also be added.
[Fig. 5] Asymmetric-key encryption applied
Communication from the customer or client will start with an http request to the master server. The client
will be authenticated before the request will be completed. The SCADA master will then send back the
requested information to the client. The information will also be encrypted using the same encryption that is
proposed to be used between the SCADA master and the remote assets. [8]
To test the usability of this scheme, it was tested using the web base Asymmetric-key Encryption simulator.
Since there are many kinds of Asymmetric-key Encryption, in this simulator, RSA Cipher is used. The
following table shows the results of encrypted commands. The first column shows the command; the second
column shows the key length; the third column shows the Modulo, the fourth column shows the key which is
used for encrypting the command, the fifth column shows the encrypted data; the sixth column shows the key
which is used to decrypt the data and the last column shows the actual command.
355
Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones
[Table 1] Asymmetric-key Encryption of SCADA commands
SCADA systems connected through the internet can provide access to real-time data display, alarming,
trending, and reporting from remote equipment. But it also presents some vulnerabilities and security issues. In
this section, the security issues in internet SCADA were pointed out. The utilization of asymmetric key
encryption is suggested. It can provide security to the data that is transmitted from the SCADA master and the
remote assets. Once a system is connected to the internet, it is not impossible for other internet users to have
access to the system that is why encryption is very important. [8]
4. Conclusion
Supervisory Control and Data Acquisition (SCADA) systems connected through the internet with extended
HMI on mobile phones can provide access to real-time data display, alarming, trending, and reporting from
remote equipment. But it also presents some vulnerabilities and security issues. In this paper, we pointed out
the security issues in internet SCADA with extended HMI. The utilization of asymmetric key encryption is
suggested. It can provide security to the data that is transmitted from the SCADA master and the remote
assets. Once a system is connected to the internet, it is not impossible for other internet users to have access
to the system that is why encryption is very important. Our proposed Scheme can increase the security of the
System.
References
[1] Rosslin John Robles, Min-kyu Choi, Maricel Balitanas, Feruza Sattarova, Farkhod Alisherov, Nayoun
Kim, Tai-hoon Kim, "Vulnerabilities in Control Systems, Critical Infrastructure Systems and SCADA",
Proceedings of the 8th KIIT IT based Convergence Service workshop & Summer Conference, Mokpo
Maritime University (Mokpo, Korea), pp. 89, ISSN 2005-7334
[2] Tai-hoon Kim, (2010), "Weather Condition Double Checking in Internet SCADA Environment", WSEAS
TRANSACTIONS on SYSTEMS and CONTROL, Issue 8, Volume 5, August 2010, ISSN: 1991-8763,
356
pp. 623
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월
[3] D. Bailey and E. Wright (2003) Practical SCADA for Industry
[4] Andrew Hildick-Smith (2005) Security for Critical Infrastructure SCADA Systems
[5] Rosslin John Robles, Kum-Taek Seo, Tai-hoon Kim, "Communication Security solution for internet
SCADA", Korean Institute of Information Technology 2010 IT Convergence Technology - Summer
workshops and Conference Proceedings, 2010.5, pp. 461 ~ 463
[6] D. Wallace, (2003), "Control Engineering. How to put SCADA on the Internet",
http://www.controleng.com/article/CA321065.html Accessed: January 2010
[7] OzdemirE, Karacor M, (2006), "Mobile phone based SCADA for industrial automation", ISA Trans. 2006
Jan;45(1): pp. 67-75
[8] Minkyu Choi, Rosslin John Robles, Taihoon Kim, "Application Possibility of Asymmetric-key Encryption
to SCADA Security", The Journal of Korean Institute of Information Technology, Vol.7 No.4, August
2009, pp. 208-217, ISSN: 1958-8619
[9] NACS, "Client/Server Security Assessment and Awareness" Accessed: April 2009
Author
Rosslin John Robles
2007- present Hannam University (MS-PhD in Multimedia Engineering)
2005 (2) WVCST, Iloilo City, Philippines(CAR in MS Computer Science)
2001 (4) WVCST, Iloilo City, Philippines (BS in Information Technology)
Research Interests : System Development and Design, Web Design and
Development, Information Systems, Information Security, SCADA Securityand
Network Security
Tai-hoon Kim
1995 B.S., 1997 M.S., 2002 Ph.D. degrees in Electric, Electronic, and Computer
engineering, Sung Kyun Kwan University.
1996~1999 Researcher, Technical Research Institute sindoricoh.
2002~2004 Senior researcher, Korea Information Security Agency.
2006~2007 Research professor, Ewha women university.
Currently, assistant professor, Hannam university.
Research interests : information security, security evaluation, information assurance
357
Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones
358
Download