Journal of Security Engineering (보안공학연구논문지), Vol. 8, No. 3, June 2011

Scheme to Secure Communication of SCADA Master Station and Remote HMI's through Smart Phones

Rosslin John Robles 1) and Tai-hoon Kim 2)

Abstract

SCADA is a concept used to refer to the management and procurement of data that can be used in developing process management criteria. The use of the term SCADA varies depending on location. Conventionally, SCADA was connected only within a limited private network; later, SCADA was connected through the Internet. There are studies and emerging technology on controlling SCADA via mobile phone. The wireless communication between the mobile phone and the SCADA server can be performed by means of a base station via General Packet Radio Service (GPRS) and the Wireless Application Protocol (WAP). The Internet SCADA facility and the extension of the HMI to mobile phones have brought many advantages in terms of control, data generation and viewing. The drawback is the accompanying security issues. In this paper, we discuss web SCADA and its connectivity, the HMI extended to mobile phones, and the issues regarding security. We also suggest a security solution using asymmetric-key encryption.

Keywords: SCADA, Web, Control, HMI, Encryption

1. Introduction

SCADA refers to a system that performs the same basic functions but operates in a number of different environments and at a multiplicity of scales. It is important because it controls most of our commodities. SCADA communications have traditionally been point-to-multipoint serial communications over leased lines or private radio systems. With the increasing popularity of the Internet Protocol (IP), IP technology has seen increasing use in SCADA communications. The Internet gave SCADA more scale, which lets it provide access to real-time data display, alarming, trending, and reporting from remote equipment. From the Internet-based system, the extension of HMIs to mobile phones was introduced.
Received (April 12, 2011), Review request (April 13, 2011), Review result (1st: April 25, 2011, 2nd: May 09, 2011), Accepted (June 30, 2011)
1) 306-791, Department of Multimedia Engineering, Hannam University, email: rosslin_john@yahoo.com
2) (Corresponding Author) 306-791, Department of Multimedia Engineering, Hannam University, email: taihoonn@hnu.kr
* This paper has been supported by the 2011 Hannam University Research Fund.

Mobile phone based SCADA integration using the GPRS or WAP transfer scheme can enhance the performance of SCADA without increasing the response times of SCADA functions. The operator can visualize and modify the plant parameters using a mobile phone without travelling to the site. In this way maintenance costs can be reduced and productivity increased.

In the next sections, SCADA is discussed: the conventional form, Web SCADA and the extended HMI. The advantages that can be attained using those technologies are also covered, and the security issues are pointed out. The integration of asymmetric-key encryption to solve the security problem is then introduced and discussed.

2. Related Technologies

In this section, related technologies are discussed: Supervisory Control and Data Acquisition (SCADA) systems, Internet SCADA, asymmetric encryption and HMIs through smart phones.

2.1 Supervisory Control and Data Acquisition System

Supervisory Control and Data Acquisition (SCADA) has existed since control systems were first introduced. SCADA systems of that time performed data acquisition using strip chart recorders, panels of meters, and lights. Unlike modern SCADA systems, supervisory control was exercised by an operator who manually operated various control knobs. These devices are still used for supervisory control and data acquisition in power generating facilities, plants and factories.
[1][2]

Telemetry is the automatic transmission and measurement of data from remote sources by wire, radio or other means. It is also used to send commands and programs to, and receive monitoring information from, these remote locations. SCADA is the combination of telemetry and data acquisition. A Supervisory Control and Data Acquisition system consists of collecting the information, transferring it to the central site, carrying out any necessary analysis and control, and then displaying that information on the operator screens. The required control actions are then passed back to the process. [3]

Typical SCADA systems include the following components: [4]
1. Operating equipment such as pumps, valves, conveyors and substation breakers that can be controlled by energizing actuators or relays.
2. Local processors that communicate with the site's instruments and operating equipment.
3. Instruments in the field or in a facility that sense conditions such as pH, temperature, pressure, power level and flow rate.
4. Short-range communications between the local processors and the instruments and operating equipment.
5. Long-range communications between the local processors and host computers.
6. Host computers that act as the central point of monitoring and control.

The measurement and control system of SCADA has one master terminal unit (MTU), which could be called the brain of the system, and one or more remote terminal units (RTUs). The RTUs gather the data locally and send them to the MTU, which then issues suitable commands to be executed on site. A system of either standard or customized software is used to collate, interpret and manage the data.

Supervisory Control and Data Acquisition (SCADA) is conventionally set up in a private network not connected to the Internet. This is done to isolate the confidential information as well as the control of the system itself.
[2]

Because of the distances involved, the processing of reports and emerging technologies, SCADA can now be connected to the Internet. This brings advantages and disadvantages, which are discussed in the following sections.

Conventionally, relay logic was used to control production and plant systems. With the advent of the CPU and other electronic devices, manufacturers incorporated digital electronics into relay logic equipment. Programmable logic controllers (PLCs) are still the most widely used control systems in industry. As the need to monitor and control more devices in the plant grew, the PLCs were distributed and the systems became more intelligent and smaller in size. PLCs and distributed control systems (DCS) are used as shown in the next figure.

[Fig. 1] Conventional SCADA Architecture

Data acquisition begins at the RTU or PLC level and includes meter readings and equipment status reports that are communicated to SCADA as required. Data is then compiled and formatted in such a way that a control room operator using the HMI can make supervisory decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian, often built on a commodity Database Management System, to allow trending and other analytical auditing. [2]

SCADA systems typically implement a distributed database, commonly referred to as a tag database, which contains data elements called tags or points. A point represents a single input or output value monitored or controlled by the system. Points can be either "hard" or "soft". A hard point represents an actual input or output within the system, while a soft point results from logic and math operations applied to other points. Points are normally stored as value-time stamp pairs: a value, and the time stamp when it was recorded or calculated.
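The tag database just described, as an added example that is not part of the paper: hard points receive samples from a PLC, a soft point is recomputed from other points on every sample, each point keeps its value-time stamp history, and the tag metadata (register path, comment, alarm limit) lives beside it. The point names, the PLC register paths and the sample values are constructed for the illustration.

```python
# Added example (not from the paper): a minimal tag database with hard and soft
# points, value-time stamp histories and per-tag metadata, as described in 2.1.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Point:
    name: str
    source: str = ""                 # hard point: path to the field device / PLC register
    formula: Optional[Callable[["TagDatabase"], Optional[float]]] = None  # soft point
    comment: str = ""                # design-time comment
    alarm_high: Optional[float] = None
    history: List[Tuple[float, float]] = field(default_factory=list)  # (timestamp, value)

    @property
    def is_hard(self) -> bool:
        return self.formula is None


class TagDatabase:
    """Hard points are fed by RTU/PLC samples; soft points are recomputed from
    other points each time a new sample arrives."""

    def __init__(self) -> None:
        self.points: Dict[str, Point] = {}

    def add(self, point: Point) -> Point:
        self.points[point.name] = point
        return point

    def current(self, name: str) -> Optional[float]:
        """Latest value of a point, or None if it has no sample yet."""
        hist = self.points[name].history
        return hist[-1][1] if hist else None

    def record(self, name: str, value: float, timestamp: float) -> None:
        """Store a sample for a hard point, then refresh every soft point at that time."""
        point = self.points[name]
        if not point.is_hard:
            raise ValueError(f"{name} is a soft point; it is computed, not recorded")
        point.history.append((timestamp, value))
        for soft in (p for p in self.points.values() if not p.is_hard):
            derived = soft.formula(self)
            if derived is not None:        # some inputs may not have a sample yet
                soft.history.append((timestamp, derived))

    def history(self, name: str) -> List[Tuple[float, float]]:
        return list(self.points[name].history)

    def active_alarms(self) -> List[str]:
        """Names of points whose latest value exceeds their alarm_high limit."""
        return sorted(
            p.name for p in self.points.values()
            if p.alarm_high is not None and self.current(p.name) is not None
            and self.current(p.name) > p.alarm_high
        )


def net_flow(db: TagDatabase) -> Optional[float]:
    """Soft-point formula: inflow minus outflow, once both hard points have a sample."""
    inflow, outflow = db.current("tank1.inflow"), db.current("tank1.outflow")
    return None if inflow is None or outflow is None else inflow - outflow


def build_demo_db() -> TagDatabase:
    """Constructed sample: two hard points from a (hypothetical) PLC and one soft point."""
    db = TagDatabase()
    db.add(Point("tank1.inflow", source="plc7/DB12.DBD0", comment="m^3/h"))
    db.add(Point("tank1.outflow", source="plc7/DB12.DBD4", comment="m^3/h"))
    db.add(Point("tank1.net_flow", formula=net_flow, alarm_high=5.0, comment="m^3/h"))
    # constructed samples (timestamp, value)
    db.record("tank1.inflow", 10.0, timestamp=1.0)   # outflow unknown: no soft value yet
    db.record("tank1.outflow", 3.0, timestamp=2.0)   # net_flow = 7.0 -> alarm
    db.record("tank1.outflow", 8.0, timestamp=3.0)   # net_flow = 2.0 -> alarm clears
    return db


if __name__ == "__main__":
    demo = build_demo_db()
    print(demo.history("tank1.net_flow"))   # [(2.0, 7.0), (3.0, 2.0)]
    print(demo.active_alarms())             # []
```

The soft point only gets a history entry once every hard point it depends on has been sampled, which is why the first inflow sample produces no net_flow value; recording directly into a soft point is rejected, since its value is defined by the formula and not by a field device.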
A series of value-time stamp pairs gives the history of that point. It is also common to store additional metadata with tags, such as the path to a field device or PLC register, design-time comments, and alarm information. [2]

2.2 Internet SCADA

Conventional SCADA has only four components: the master station, PLC/RTU, fieldbus and sensors. Internet SCADA replaces or extends the fieldbus with the Internet. This means that the master station can be on a different network or in a different location. The next figure shows the architecture of SCADA connected through the Internet. Like a normal SCADA, it has RTUs/PLCs/IEDs and the SCADA service provider or master station. It also includes user access to a SCADA website, intended for smaller SCADA operators that can avail themselves of the services provided by the SCADA service provider; the provider can also be a company that uses SCADA exclusively. Another component of Internet SCADA is the customer application, which allows report generation or billing. Along with the fieldbus, the Internet acts as an extension. This is set up like a private network so that only the master station has access to the remote assets. The master also has an extension that acts as a web server so that SCADA users and customers can access the data through the SCADA provider website. [5]

[Fig. 2] Internet SCADA Architecture [5]

As the systems evolve, SCADA systems are coming in line with standard networking technologies. Ethernet and TCP/IP based protocols are replacing the older proprietary standards. Although certain characteristics of frame-based network communication technology (determinism, synchronization, protocol selection, environment suitability) have restricted the adoption of Ethernet in a few specialized applications, the vast majority of markets have accepted Ethernet networks for HMI/SCADA.
A few vendors have begun offering application-specific SCADA systems hosted on remote platforms over the Internet. This removes the need to install and commission systems at the end user's facility and takes advantage of security features already available in Internet technology, such as VPNs and SSL. Some concerns include security, [6] Internet connection reliability, and latency.

2.3 HMI's through Smart Phones

These SCADA systems are becoming increasingly ubiquitous. Thin clients, web portals, and web-based products are gaining popularity with most major vendors. The increased convenience of end users viewing their processes remotely introduces security considerations. While these considerations are already considered solved in other sectors of Internet services, not all entities responsible for deploying SCADA systems have understood the changes in accessibility and threat scope implicit in connecting a system to the Internet, [6] with some operators extending the HMI to mobile phones. There are studies and emerging technology on controlling SCADA via mobile phone. The wireless communication between the mobile phone and the SCADA server can be performed by means of a base station via General Packet Radio Service (GPRS) and the Wireless Application Protocol (WAP). [7]

[Fig. 3] Internet SCADA Architecture with HMI's extended to a Smart Phone

Mobile phone based SCADA integration using the GPRS or WAP transfer scheme can enhance the performance of SCADA without increasing the response times of SCADA functions. The operator can visualize and modify the plant parameters using a mobile phone without travelling to the site. In this way maintenance costs can be reduced and productivity increased. [7]

2.4 Asymmetric Key Encryption

Asymmetric key encryption uses different keys for encryption and decryption. These two keys are mathematically related and form a key pair.
One key is kept private and is called the private key; the other can be made public and is called the public key. Hence this is also called public key encryption. The public key can be sent by mail. A private key is typically used for encrypting the message digest; in such an application the private-key algorithm is called a message-digest encryption algorithm. A public key is typically used for encrypting the secret key; in such an application the algorithm is called a key encryption algorithm. [12]

[Fig. 4] Asymmetric key encryption uses different keys for decryption and encryption

Popular algorithms of this kind are RSA and DSA (Digital Signature Algorithm). For ordinary use of RSA a key size of 768 can be used, but for corporate use a key size of 1024, and for extremely valuable information a key size of 2048, should be used. Asymmetric key encryption is much slower than symmetric key encryption, and hence it is only used for key exchanges and digital signatures.

RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. [8] RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

One of the most common digital signature mechanisms, the Digital Signature Algorithm (DSA), is the basis of the Digital Signature Standard (DSS), a U.S. Government document. As with other digital signature algorithms, DSA lets one person with a secret key "sign" a document, so that others with a matching public key can verify that it must have been signed only by the holder of the secret key. Digital signatures depend on hash functions, which are one-way computations done on a message. [8] They are called "one-way" because there is no known way (without infeasible amounts of computation) to find a message with a given hash value.
In other words, a hash value can be determined for a given message, but it is not known to be possible to construct any message with a given hash value. Hash functions are similar to the scrambling operations used in symmetric key encryption, except that there is no decryption key: the operation is irreversible. The result has a fixed length, which is 160 bits in the case of the Secure Hash Algorithm (SHA) used by DSA. [8]

3. Proposed Scheme and Results

Authentication will be required to access the data and reports, so that only users who have sufficient permission can access the information. Quality system administration techniques can make all the difference in security prevention [9]. The SCADA web server must always be secured, since the data in it are very critical. Web server security software can also be added.

[Fig. 5] Asymmetric-key encryption applied

Communication from the customer or client starts with an HTTP request to the master server. The client is authenticated before the request is completed. The SCADA master then sends the requested information back to the client. The information is also encrypted using the same encryption that is proposed for use between the SCADA master and the remote assets. [8]

To test the usability of this scheme, it was tested using a web-based asymmetric-key encryption simulator. Since there are many kinds of asymmetric-key encryption, the RSA cipher is used in this simulator. The following table shows the results of encrypted commands. The first column shows the command; the second column shows the key length; the third column shows the modulus; the fourth column shows the key used for encrypting the command; the fifth column shows the encrypted data; the sixth column shows the key used to decrypt the data; and the last column shows the actual command.
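The following is an added example, not the authors' web-based simulator: a textbook RSA implementation that produces the seven columns described for Table 1 (command, key length, modulus, encryption key, encrypted data, decryption key, recovered command) and walks through the Section 3 exchange, where the client's request is authenticated, the master's reply is signed with the master's private key (the "message-digest encryption" of 2.4, over a 160-bit SHA-1 digest as the paper names it) and encrypted for the client's public key. The 256-bit toy key size, the 0x01 chunk marker, and the SCADA command strings are assumptions made for the illustration.

```python
# Added example (not the paper's simulator): textbook RSA that reproduces the seven
# columns of Table 1 and the Section 3 client/master exchange. Toy 256-bit keys and
# no padding, chosen for illustration; a deployment would use a vetted library and
# the key sizes quoted in 2.4.
import hashlib
import random
from math import gcd

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 256):
    """Return ((e, n), (d, n)); n must exceed 2**160 so a SHA-1 digest fits below it."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n, phi, e = p * q, (p - 1) * (q - 1), 65537
        if p != q and gcd(e, phi) == 1:
            return (e, n), (pow(e, -1, phi), n)

def encrypt_command(command: str, public) -> list:
    """Split the command into chunks that fit below n, prefix each with 0x01 so its
    length survives decryption, and raise each chunk to e mod n."""
    e, n = public
    size = (n.bit_length() - 1) // 8 - 1          # payload bytes per chunk
    data = command.encode()
    return [pow(int.from_bytes(b"\x01" + data[i:i + size], "big"), e, n)
            for i in range(0, len(data), size)]

def decrypt_command(blocks: list, private) -> str:
    d, n = private
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        chunk = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if chunk[:1] != b"\x01":
            raise ValueError("corrupt block or wrong key")
        out += chunk[1:]
    return out.decode()

def sign(message: bytes, private) -> int:
    """Sign by encrypting the 160-bit SHA-1 digest (the hash 2.4 names) with d."""
    d, n = private
    return pow(int.from_bytes(hashlib.sha1(message).digest(), "big"), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha1(message).digest(), "big")

def table_row(command: str, public, private) -> dict:
    """One row of Table 1 in the column order the paper gives."""
    blocks = encrypt_command(command, public)
    return {"command": command, "key_length": public[1].bit_length(),
            "modulo": public[1], "encryption_key": public[0],
            "encrypted_data": blocks, "decryption_key": private[0],
            "decrypted": decrypt_command(blocks, private)}

def exchange(command: str, client_keys, master_keys, handler) -> str:
    """Section 3 flow: the client's request is authenticated by its signature; the
    master's reply is signed by the master and encrypted for the client."""
    client_pub, client_priv = client_keys
    master_pub, master_priv = master_keys
    request_sig = sign(command.encode(), client_priv)            # client -> master
    if not verify(command.encode(), request_sig, client_pub):     # master authenticates
        raise PermissionError("client authentication failed")
    reply = handler(command)                                      # master looks up data
    blocks = encrypt_command(reply, client_pub)                   # master -> client
    reply_sig = sign(reply.encode(), master_priv)
    plain = decrypt_command(blocks, client_priv)                  # client side
    if not verify(plain.encode(), reply_sig, master_pub):
        raise ValueError("reply signature check failed")
    return plain

if __name__ == "__main__":
    pub, priv = generate_keypair()
    print(table_row("OPEN VALVE 3", pub, priv))   # constructed SCADA command
```

Two properties of this textbook form are worth seeing in the output: without randomized padding, the same command always encrypts to the same block under the same key, so an observer of the link can tell repeated commands apart even without the private key; and a reply that decrypts cleanly but fails the master's signature check is rejected, which is what stops a substituted reply from reaching the HMI. Library implementations address the first point with OAEP for encryption and PSS for signatures.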
[Table 1] Asymmetric-key Encryption of SCADA commands

SCADA systems connected through the Internet can provide access to real-time data display, alarming, trending, and reporting from remote equipment. But they also present some vulnerabilities and security issues. In this section, the security issues in Internet SCADA were pointed out and the use of asymmetric key encryption was suggested. It can protect the data transmitted between the SCADA master and the remote assets. Once a system is connected to the Internet, it is not impossible for other Internet users to gain access to the system, which is why encryption is very important. [8]

4. Conclusion

Supervisory Control and Data Acquisition (SCADA) systems connected through the Internet with an extended HMI on mobile phones can provide access to real-time data display, alarming, trending, and reporting from remote equipment. But they also present some vulnerabilities and security issues. In this paper, we pointed out the security issues in Internet SCADA with an extended HMI. The use of asymmetric key encryption is suggested. It can protect the data transmitted between the SCADA master and the remote assets. Once a system is connected to the Internet, it is not impossible for other Internet users to gain access to the system, which is why encryption is very important. Our proposed scheme can increase the security of the system.

References

[1] Rosslin John Robles, Min-kyu Choi, Maricel Balitanas, Feruza Sattarova, Farkhod Alisherov, Nayoun Kim, Tai-hoon Kim, "Vulnerabilities in Control Systems, Critical Infrastructure Systems and SCADA", Proceedings of the 8th KIIT IT based Convergence Service Workshop & Summer Conference, Mokpo Maritime University (Mokpo, Korea), pp. 89, ISSN 2005-7334
[2] Tai-hoon Kim, (2010), "Weather Condition Double Checking in Internet SCADA Environment", WSEAS Transactions on Systems and Control, Issue 8, Volume 5, August 2010, ISSN: 1991-8763, pp. 623
[3] D. Bailey and E. Wright (2003), Practical SCADA for Industry
[4] Andrew Hildick-Smith (2005), Security for Critical Infrastructure SCADA Systems
[5] Rosslin John Robles, Kum-Taek Seo, Tai-hoon Kim, "Communication Security Solution for Internet SCADA", Korean Institute of Information Technology 2010 IT Convergence Technology - Summer Workshops and Conference Proceedings, 2010.5, pp. 461-463
[6] D. Wallace, (2003), "Control Engineering. How to put SCADA on the Internet", http://www.controleng.com/article/CA321065.html, Accessed: January 2010
[7] Ozdemir E, Karacor M, (2006), "Mobile phone based SCADA for industrial automation", ISA Trans. 2006 Jan;45(1): pp. 67-75
[8] Minkyu Choi, Rosslin John Robles, Taihoon Kim, "Application Possibility of Asymmetric-key Encryption to SCADA Security", The Journal of Korean Institute of Information Technology, Vol.7 No.4, August 2009, pp. 208-217, ISSN: 1958-8619
[9] NACS, "Client/Server Security Assessment and Awareness", Accessed: April 2009

Authors

Rosslin John Robles
2007 - present: Hannam University (MS-PhD in Multimedia Engineering)
2005 (2): WVCST, Iloilo City, Philippines (CAR in MS Computer Science)
2001 (4): WVCST, Iloilo City, Philippines (BS in Information Technology)
Research interests: System Development and Design, Web Design and Development, Information Systems, Information Security, SCADA Security and Network Security

Tai-hoon Kim
1995 B.S., 1997 M.S., 2002 Ph.D. degrees in Electric, Electronic, and Computer Engineering, Sung Kyun Kwan University.
1996~1999 Researcher, Technical Research Institute, Sindoricoh.
2002~2004 Senior Researcher, Korea Information Security Agency.
2006~2007 Research Professor, Ewha Womans University.
Currently Assistant Professor, Hannam University.
Research interests: information security, security evaluation, information assurance