• 主题
高级搜索  >
历史搜索 清空历史
首页> 美国卫生研究院文献>Sensors (Basel Switzerland) >A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach
【2h】

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

机译:Modbus SCADA系统中的基于角色的访问控制模型。集中模型方法

代理获取
本网站仅为用户提供外文OA文献查询和代理获取服务,本网站没有原文。下单后我们将采用程序或人工为您竭诚获取高质量的原文,但由于OA文献来源多样且变更频繁,仍可能出现获取不到、文献不完整或与标题不符等情况,如果获取不到我们将提供退款服务。请知悉。
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.
机译:工业控制系统(ICS)和监督控制系统以及数据采集(SCADA)网络实施工业通信协议以实现其操作。 Modbus是一种应用程序协议,允许数百万个自动化设备之间进行通信。不幸的是,Modbus缺乏基本的安全机制,并且由于设计和实施的原因,这导致了多个漏洞。此问题使某些类型的攻击成为可能,例如中间人攻击,窃听攻击和重播攻击。利用此类缺陷可能会极大地影响公司和普通民众,尤其是针对以关键基础设施资产为目标的攻击,例如发电厂,供水和铁路运输系统。为了向协议提供安全机制,Modbus组织发布了安全规范,该规范通过将传输层安全性(TLS)与传统Modbus协议相结合来提供强大的保护。 TLS将封装Modbus数据包,以提供身份验证和消息完整性保护。安全功能利用X.509v3数字证书对服务器和客户端进行身份验证。根据安全规范,本研究解决了Modbus协议的安全问题,提出了基于角色的访问控制模型(RBAC)的新安全版本,以便对服务器上的客户端以及Modbus框架进行授权。该模型通过角色分为授权过程,该过程作为任意扩展插入到证书X.509v3中,而消息授权通过单元ID(用于授权Modbus框架的唯一标识符)插入。我们的建议通过两种方法进行评估:安全性分析和性能分析。安全分析包括验证协议对不同类型攻击的抵抗力,以及网络安全的某些支柱(例如完整性和机密性)没有受到损害。最后,我们的性能分析涉及在基于GNS3的测试网上部署我们的设计。该测试网是根据工业安全标准(例如IEC-62443)设计的,该标准将工业网络划分为多个级别。然后,将客户端和服务器都部署在该网络上,以验证提议的可行性。为此,将工业环境中不同的延迟测量值用作基准,并与我们针对不同密码套件的建议中的延迟相匹配。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
代理获取

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号