Endüstriyel Kontrol Sistemleri ve SCADA Uygulamalarının Siber Güvenliği: Modbus TCP Protokolü Örneği

Elektrik üretim, iletim ve dağıtım sistemleri ulusal güvenlik boyutunda değerlendirilmekte olup kritik altyapılar olarak tanımlanmaktadır. Bu sistemlerin izlenmesi ve denetimi Endüstriyel Kontrol Sistemleri (EKS) veya Danışmalı Kontrol ve Veri Toplama Sistemleri (SCADA) ile sağlanmaktadır. Haberleşme ve internet teknolojisindeki güncel gelişmelere bağlı olarak EKS/SCADA sistemleri de bilişim teknolojileriyle entegre çalışır hale gelmiştir. Bu duruma paralel olarak bilgi ve iletişim teknolojisinde mevcut olan veya ortaya çıkan güvenlik zafiyetleri SCADA sistemlerini de direkt olarak etkileyebilmektedir. Bu nedenle çalışmada, EKS/SCADA sistemlerinin siber güvenliği üzerinde durulmuş ve bu sistemlerde en fazla kullanılan endüstriyel haberleşme protokollerinden birisi olan Modbus TCP protokolünde tespit edilen kimlik doğrulama eksikliğinin istismar edilebildiği ortaya konulmuştur. Bu güvenlik sorununa çözüm olarak saldırıyı engellemeye veya hafifletmeye yönelik Python programlama dili kullanılarak bir program yazılmıştır. Önerilen çözüm, çeşitli testlere tabi tutulmuş ve gerçekleştirilen siber saldırıların engellenebildiği ispatlanmıştır. Sunulan çalışmanın, EKS/SCADA sistemlerinin ve bu sistemlerin haberleşmesinde kullanılan endüstriyel protokollerin güvenliğine katkılar sağlayacağı değerlendirilmektedir.

Anahtar Kelimeler:

Siber Güvenlik, Endüstriyel Kontrol Sistemleri, SCADA, Modbus TCP

Cyber Security in Industrial Control Systems and SCADA Applications: Modbus TCP Protocol Example

Electrical energy generation, transmission and distribution systems are evaluated in terms of national security dimension and defined as critical infrastructures. Monitoring and controlling of these systems is provided by Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems. According to the latest advances in communication and internet technology, ICS/SCADA systems have started to become integrated with these systems. As a result of this situation, current or existing vulnerabilities in information and communication technology affect to SCADA systems directly. Therefore, this paper focuses on the cyber security of ICS/SCADA systems. It has been proved that the lack of authentication detected in Modbus TCP protocol, one of the most used in ICS/SCADA systems, can be exploited. In order to solve this security issue, a software is developed using the Python programming language for blocking or mitigating the cyber attacks. The proposed solution is subjected to several tests and results show that the attacks can be prevented successfully. Thus, it is considered that the proposed work will contribute to the security of ICS/SCADA systems and the industrial protocols using for communicating these systems.

Keywords:

Cyber Security, Industrial Control Systems, SCADA, Modbus TCP,

PDF

___

M. Unver, C. Canbay, “Ulusal ve Uluslararası Boyutlarıyla Si̇ber Güvenli̇k,” 2010.
R. Sanz, K. Årzén, “Trends in Software and Control,” IEEE Control System Magazine, no. June, 2003.
R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa, “Security Strategies for SCADA Networks,” Critical Infrastructure Protection, sayı 253, pp. 117–131.
L. Yanfei, W. Cheng, Y. Chengbo, Q. Xiaojun, “Research on ZigBee Wireless Sensors Network Based on ModBus Protocol,” Proceedings - 2009 International Forum on Information Technology and Applications, sayı 1, 487–490, 2009.
L. Yanfei and W. Cheng, “An Improved Design of ZigBee Wireless Sensor Network,” 2nd IEEE International Conference on Computer Science and Information Technology, 515–518, 2009.
R. Bayindir, Ş. Sağıroğlu, A. Özbilen, İ. Çolak, “Investigating Industrial Risks Based on Information Security for Observerable Electrical Energy Distribution System and Suggestions,” Gazi University Journal of Faculty of Engineering and Architecture, 24: 4, 715–723, 2009.
Q. Xiong et al., “A Vulnerability Detecting Method for Modbus-TCP Based on Smart Fuzzing Mechanism,” IEEE International Conference on Electro Information Technology, 404–409, 2015.
S. Bhatia, N. Kush, C. Djamaludin, J. Akande, and E. Foo, “Practical Modbus Flooding Attack and Detection”, Conferences in Research and Practice in Information Technology Series, 57–65, 2014.
W. L. Shang, L. Li, M. Wan, ve P. Zeng (2015). “Security Defense Model of Modbus TCP Communication Based on Zone / Border Rules : Misuse”.
B. Chen, N. Pattanaik, A. Goulart, K. L. Butler-Purry, ve D. Kundur (2015). “Implementing Attacks for Modbus/TCP Protocol in a Real-Time Cyber Physical System Testbed”, Proceedings - CQR 2015: 2015 IEEE International Workshop Technical Committee on Communications Quality and Reliability.
G. Dondossola, G. Garrone, J. Szanto, G. Deconinck, T. Loix, ve H. Beitollahi (2009). “ICT Resilience of Power Control Systems: Experimental Results from the Crutial Testbeds”, Proceedings of the International Conference on Dependable Systems and Networks, 554–559.
G. Dondossola, G. Deconinck, F. Garrone, ve H. Beitollahi (2009). “Testbeds for Assessing Critical Scenarios in Power Control Systems”, 223–234.
M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga, ve S. Hariri (2011). “A testbed for Analyzing Security of SCADA Control Systems (TASSCS)”, IEEE PES Innovative Smart Grid Technologies Conference Europe, ISGT Europe, 1–7.
“MODBUS Application Protocol,” Modbus IDA, 1–51, 2006.
B. Dutertre, “Formal Modeling and Analysis of The Modbus Protocol,” Critical Infrastructure Protection, 189–204, 2007.
A. Swales, “Open Modbus / Tcp Specification”, Schneider Electric, 1–26, 1999.
P. Huitsing, R. Chandia, M. Papa, and S. Shenoi, “Attack Taxonomies for The Modbus Protocols,” nternational Journal of Critical Infrastructure Protection, 37–44, 2008.
“MODBUS over Serial Line–Specification and Implementation Guide,” 2002.
T. H. Morris, “On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control,” 9: 1, 37–56, 2009.
İnternet: http://www.modbustools.com/download.html, “Modbus Poll Simulator.” Erişim Tarihi: 25-May-2017.