2009
DOI: 10.1007/978-3-642-04798-5_5

A Taxonomy of Attacks on the DNP3 Protocol

Abstract: Distributed Network Protocol (DNP3) is the predominant SCADA protocol in the energy sector; more than 75% of North American electric utilities currently use DNP3 for industrial control applications. This paper presents a taxonomy of attacks on the protocol. The attacks are classified based on targets (control center, outstation devices and network/communication paths) and threat categories (interception, interruption, modification and fabrication). To facilitate risk analysis and mitigation strategies, the atta…

Citations: cited by 157 publications (131 citation statements)
References: 2 publications
“…Due to open connectivity, DNP3 has been vulnerable to Internet attacks; most DNP3 devices are configured, and communicate without any proper authentication mechanism or have little protection in the SCADA network against vulnerabilities [23][24][25][26][27][28][29][30]. Cryptography based security mechanisms [31] have been proposed for DNP3 by DNP3 users group, in which symmetric and asymmetric methods are defined and a detailed description of challenge-response technique is made to examine the security goals (or parameters), such as authentication and integrity, and to protect the transmission against attacks, such as replay, spoofing, and modification attacks [8,32,33], at the application layer. However, many limitations are accounted for in DNP3 security design and development, and most of the work is in initial phases or still in the development phases.…”
Section: Background Study (mentioning)
confidence: 99%
“…The DNP3 protocol is widely used in the Industrial Control Systems (ICS) network. More than 75% of power utilities in North America reported using the DNP3 protocol as part of their Supervisory Control and Data Acquisition (SCADA) system [9]. Therefore, we chose the DNP3 protocol to describe attacks and recovery measures.…”
Section: Introduction (mentioning)
confidence: 99%
“…Nowadays CIs, or more specifically Networked Industrial Control Systems (NICS), are exposed to significant cyber-threats; a fact that has been highlighted by many studies on the security of Supervisory Control And Data Acquisition (SCADA) systems [1,2,3]. For example, the recently reported Stuxnet worm [4] is the first malware specifically designed to attack NICS.…”
Section: Introduction (mentioning)
confidence: 99%
“…For example, the recently reported Stuxnet worm [4] is the first malware specifically designed to attack NICS. Its ability to reprogram the logic of control hardware in order to alter the operation of industrial processes demonstrated how powerful such threats can be; it served as a wakeup call for the international security community. Stuxnet raised many open questions, but most importantly it highlighted the lack of an efficient scientific approach to conduct experiments that measure the impact of cyber threats against both the physical and the cyber parts of CIs.…”
Section: Introduction (mentioning)
confidence: 99%