For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Recovery Measure against Disabling Reassembly Attack to DNP3 Communication
Sungmoon KWON Hyunguk YOO Taeshik SHON
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/08/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Industrial Control System Security
industrial control system, DNP3, reassembly, availability,
Full Text: PDF(1.7MB)>>
In the past, the security of industrial control systems was guaranteed by their obscurity. However, as devices of industrial control systems became more varied and interaction between these devices became necessary, effective management systems for such networks emerged. This triggered the need for cyber-physical systems that connect industrial control system networks and external system networks. The standards for the protocols in industrial control systems explain security functions in detail, but many devices still use nonsecure communication because it is difficult to update existing equipment. Given this situation, a number of studies are being conducted to detect attacks against industrial control system protocols, but these studies consider only data payloads without considering the case that industrial control systems' availability is infringed owing to packet reassembly failures. Therefore, with regard to the DNP3 protocol, which is used widely in industrial control systems, this paper describes attacks that can result in packet reassembly failures, proposes a countermeasure, and tests the proposed countermeasure by conducting actual attacks and recoveries. The detection of a data payload should be conducted after ensuring the availability of an industrial control system by using this type of countermeasure.