Open and secure SCADA with DNP3
Paul Gibson, MultiTrode -- Control Engineering, 6/1/2008
The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems. But while the threat of terrorist attacks has increased, so has the need for DNP3. But DNP3 was never designed with security in mind.
Since it is an open design, anyone familiar with the protocol could launch an attack on a SCADA system. This is especially true when the protocol is used over radio networks where packets can be intercepted with a scanner. So how do you keep a SCADA network open and yet secure from cyber attacks? The DNP3 community has recognized the need for secure SCADA communications and has developed a security model for the protocol. Its goal is to provide:
-
Authentication and message integrity;
-
Low overhead;
-
Support for remote key management built into DNP3 at the application layer; and
-
Compatibility with all DNP3-supported communications links.
The secure DNP3 protocol specification is currently being finalized, and is expected to be submitted to the DNP3 Users Group for review in 2008, where it is expected to be approved and released shortly thereafter.
A common perception is that proprietary protocols are inherently secure because their design is not open. Unfortunately this assumes the protocol is not easily reverse engineered. Because security measures that may exist in proprietary protocols cannot be independently verified for their robustness, assuming a proprietary protocol is secure to the level required is a leap of faith.
DNP3 security is implemented within the protocol itself, and proven industry-standard authentication methodologies are employed that can be investigated and verified independently.
Specific risks addressed
Secure DNP3 is designed to eliminate the risk of messages being either falsified, or intercepted and repeated by a third party. Both scenarios could result in extensive damage to equipment and disruption of services if carried out correctly.
According to the draft specification (DNP3 Specification, Volume 2, Supplement 1, Secure Authentication. Version 1.00, 3rd February 2007), security threats addressed by the protocol include: spoofing, modification, replay, eavesdropping (on exchanges of cryptographic keys only, not on other data), and non-repudiation (to the extent of identifying individual users of the system.)
Secure DNP3 protects against these threats by providing both authentication and message integrity. It does not encrypt the messages, but does use key encryption to keep session keys secure.
Secure DNP3 uses a “challenge-response” method to verify the message is originating from a valid source. The implementation is based on the proven Challenge-Handshake Authentication Protocol (RFC 1994). Either side of the link can initiate an authentication challenge. This can be at initialization, periodically, or when a critical function is received.
An authentication response is then sent. The authentication challenge contains some pseudo-random data, a sequence number and the required algorithm. The response contains a hash value generated from the challenge data and the key. The sequence number is also returned. If the authentication response is valid, then the challenger will respond to the original DNP3 message with a standard protocol response.
|
| Secure DNP3 uses a "challenge response" method to verify the message is originating from a valid source. If bandwidth is at a premium, the simpler "aggressive mode" authentication method shown can be used. |
Aggressive mode method
The challenge-response method adds to the required communications bandwidth. If bandwidth is at a premium, a simpler authentication method can be used instead. “Aggressive mode” reduces the required bandwidth by eliminating the normal challenge and response messages. The authentication data can also be included at the end of the DNP message. This mode is slightly less secure.
When it comes to key management, secure DNP3 uses a minimum of 128-bit AES encryption to keep keys secure. There are two types of keys: temporary session keys and update keys. Session keys are initialized at start-up and then changed regularly, approximately every 10 minutes. Update keys are used to encrypt the session keys. These are pre-shared at either end of the link so they never need to be transmitted.
The addition of security measures to the DNP3 protocol is important for SCADA communications networks operating over easily intercepted mediums such as radio. Threats such as message interception and repeating are effectively handled by implementing secure authentication within the application layer of the protocol itself. Although the final standard is not expected until later this year, implementations of secure DNP3 are already becoming available. Using it allows an organization to benefit from an open, accepted protocol today.
ONLINE EXTRA
Terminal blocks: Resources, application advice, products
Learning resources, application advice and terminal block product information follows.
Videos and more details from Phoenix Contact
Phoenix Contacts offers:
Videos Clipline interconnection technologies.
www.phoenixcontact.com/terminal-blocks/26840.htm
More on Clipline terminal blocks.
www.phoenixcontact.com/terminal-blocks/31584_29125.htm
More on SPTA, a compact, low profile, angled terminal block that provides space-saving connections for up to 10 A.
www.phoenixcontact.com/service/33677_36875.htm
A Rockwell Automation video shows time saving connection technologies.
www.controleng.com/BCVideo.html?bcpid=1078986906&bclid=1111466775&bctid=1427294974
Wago offers:
E-learning on the Wago Cage Clamp Spring Pressure Connection Technology. https://admin.acrobat.com/p35541967/
Power Cage Clamp (PPC) system overview, variants, and more information.
www.wago.us/products/11660.htm
View All Control Engineering Webcasts from CTL
