Vulnerability Assessment and Experimentation of Smart Grid DNP3

Darwish, Ihab; Igbe, Obinna; Saadawi, Tarek

doi:10.13052/jcsm2245-1439.513

Cited by 10 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…При оптимізації (змішаному цілочисельному програмуванні, дворівневому програмуванні, багатокритеріальній оптимізації, евристичній оптимізації тощо) використовується моделювання для генерування сценаріїв [70−72], верифікації параметрів задачі чи валідації результатів [42, 44, 54, 67, 73−78]. Моделювання частіше використовується у теорії ігор [42,44,70,74,75,79,80].…”

Section: оптимізація критичних інфраструктурunclassified

Теоретико-Ігрові Та Оптимізаційні Моделі І Методи Підвищення Безпеки Кіберінфраструктур

Горбачук¹,

Golotsukov²,

Dunaievskyi³

et al. 2022

ПКІ

View full text Add to dashboard Cite

Critical infrastructure of interdependent modern sectors is increasingly relying on cyber systems and cyber infrastructures, which are characterized by growing risks of their cyber components, including cyberphysical subsystems. Therefore, cybersecurity is important for the protection of critical infrastructure. The search for cost-effective ways to increase or improve the security of cyber infrastructure is based on optimization models and methods of cyber infrastructure stability, safety, and reliability. These models and methods have different fields of application and different directions, not necessarily focused on the cyber infrastructure resilience. The growing role of information and communication technologies has influenced the concept of security and the nature of war. Many critical infrastructures (airports, hospitals, oil pipelines) have become potentially vulnerable to organized cyber attacks. Today, the implementation of the major state function of defense and security largely depends on the successful use of information and communication technologies as modern competitive (final and intermediate) dual-use products used by different people for different purposes. Game theory is increasingly used to assess strategic interactions between attackers and defenders in cyberspace. Game research and modeling combinations are combined to study the security of cyberspace. In cyberspace, the arsenal of weapons is built by finding more vulnerabilities in the defense of the target. Vulnerability is a weakness in the security procedures of the system, the design of the system or its implementation, as well as in the organization of internal control, which may be used by the source of the threat. The dynamic nature of vulnerabilities means that they are constantly changing over time. Detecting a vulnerability by a defender reduces the effectiveness of the attacker’s cyber weapon, which exploits the vulnerability, and increases the target protection. Game theory has been applied to many issues, including resource allocation, network security, and human cooperation. In cyberspace, there is often a placement game where the attacker and the defender decide where to allocate their respective resources. Defender’s resources can be security infrastructure (firewalls), finance, training. For example, a network administrator might look for a resource allocation that minimizes the risk of (cyber) attacks and at the same time protects against cyberattacks. The attacker has limited resources and is at risk of being tracked down and punished. The problem of resource allocation in cyberspace can be formulated as a game-theoretic problem, taking into account the concept of common knowledge and the problem of uncertain observability.

show abstract

Section: оптимізація критичних інфраструктурunclassified

Теоретико-Ігрові Та Оптимізаційні Моделі І Методи Підвищення Безпеки Кіберінфраструктур

Горбачук¹,

Golotsukov²,

Dunaievskyi³

et al. 2022

ПКІ

View full text Add to dashboard Cite

show abstract

“…Through vulnerability and penetration testing, MITM attacks were modeled using grid technology to evaluate cybersecurity threats to SCADA systems implementing DNP3 protocols [42]. Two attack scenarios were used: an unsolicited message attack and injection data collection [43]. Cryptography aims to ensure that the data sent is correct and accessed by the right people.…”

Section: Related Workmentioning

confidence: 99%

Peer Review #2 of "Improvement of nuclear facilities DNP3 protocol data transmission security using super encryption BRC4 in SCADA systems (v0.1)"

Rupapara¹

2021

View full text Add to dashboard Cite

“…Through vulnerability and penetration testing, MITM attacks were modeled using grid technology to evaluate cybersecurity threats to SCADA systems implementing DNP3 protocols ( El Bouanani et al, 2019 ). Two attack scenarios were used: an unsolicited message attack and injection data collection ( Darwish, Igbe & Saadawi, 2016 ).…”

Section: Related Workmentioning

confidence: 99%

Improvement of nuclear facilities DNP3 protocol data transmission security using super encryption BRC4 in SCADA systems

Riyadi

Putra

Priyambodo

2021

PeerJ Computer Science

View full text Add to dashboard Cite

Background Data transmissions using the DNP3 protocol over the internet in SCADA systems are vulnerable to interruption, interception, fabrication, and modification through man-in-the-middle (MITM) attacks. This research aims to improve the security of DNP3 data transmissions and protect them from MITM attacks. Methods This research describes a proposed new method of improving DNP3 security by introducing BRC4 encryption. This combines Beaufort encryption, in which plain text is encrypted by applying a poly-alphabetic substitution code based on the Beaufort table by subtracting keys in plain text, and RC4 encryption, a stream cipher with a variable-length key algorithm. This research contributes to improving the security of data transmission and accelerating key generation. Results Tests are carried out by key space analysis, correlation coefficient analysis, information entropy analysis, visual analysis, and time complexity analysis.The results show that to secure encryption processes from brute force attacks, a key of at least 16 characters is necessary. IL data correlation values were IL1 = −0.010, IL2 = 0.006, and IL3 = 0.001, respectively, indicating that the proposed method (BRC4) is better than the Beaufort or RC4 methods in isolation. Meanwhile, the information entropy values from IL data are IL1 = 7.84, IL2 = 7.98, and IL3 = 7.99, respectively, likewise indicating that the proposed method is better than the Beaufort or RC4 methods in isolation. Both results also show that the proposed method is secure from MITM attacks. Visual analysis, using a histogram, shows that ciphertext is more significantly distributed than plaintext, and thus secure from MITM attacks. The time complexity analysis results show that the proposed method algorithm is categorized as linear complexity.

show abstract

Vulnerability Assessment and Experimentation of Smart Grid DNP3

Cited by 10 publications

References 11 publications

Теоретико-Ігрові Та Оптимізаційні Моделі І Методи Підвищення Безпеки Кіберінфраструктур

Теоретико-Ігрові Та Оптимізаційні Моделі І Методи Підвищення Безпеки Кіберінфраструктур

Peer Review #2 of "Improvement of nuclear facilities DNP3 protocol data transmission security using super encryption BRC4 in SCADA systems (v0.1)"

Improvement of nuclear facilities DNP3 protocol data transmission security using super encryption BRC4 in SCADA systems

Contact Info

Product

Resources

About