Securing DNP3 broadcast communications in SCADA systems

Amoah, Raphael, Camtepe, Seyit, & Foo, Ernest (2016) Securing DNP3 broadcast communications in SCADA systems. IEEE Transactions on Industrial Informatics. (In Press)

[img] PDF (822kB)
Administrators only | Request a copy from author

View at publisher


The Distributed Network Protocol version 3 (DNP3) provides Secure Authentication (DNP3-SA) as the mechanism to authenticate unicast messages from a master station to its outstations in SCADA systems. In large scale systems, it may be necessary to broadcast a critical request from a master station to multiple outstations at once. The DNP3 protocol standard describes the use of broadcast communication; however, it does not specify its security. This paper is the first to present DNP3 Secure Authentication for Broadcast (DNP3-SAB), a new lightweight security scheme for broadcast mode communication. This scheme is based on hash-chain and only makes use of the existing cryptographic primitives specified in DNP3-SA. The scheme integrates itself into the DNP3-SA key update process. The proposed scheme is modelled, validated, verified using Coloured Petri Nets (CPN) against the most common protocol attacks such as modification, injection and replay. Performance analysis on our scheme and the existing DNP3-SA modes (NACR and AGM) shows that DNP3-SAB reduces the communication overhead significantly at the cost of an increase with a constant term in processing and storage overhead. This benefit is maintained even when DNP3-SAB is under attack.

Impact and interest:

0 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 96824
Item Type: Journal Article
Refereed: Yes
Keywords: SCADA, DNP3, DNP3-SA, DNP3-SAB, Formal Methods, CPN
DOI: 10.1109/TII.2016.2587883
ISSN: 1551-3203
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Facilities: Science and Engineering Centre
Copyright Owner: Copyright 2009 IEEE
Copyright Statement: Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Deposited On: 12 Jul 2016 23:02
Last Modified: 05 Aug 2016 16:32

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page