Securing DNP3 broadcast communications in SCADA systems
The Distributed Network Protocol version 3 (DNP3) provides Secure Authentication (DNP3-SA) as the mechanism to authenticate unicast messages from a master station to its outstations in SCADA systems. In large-scale systems, it may be necessary to broadcast a critical request from a master station to multiple outstations at once. The DNP3 protocol standard describes the use of broadcast communication; however, it does not specify its security. This paper is the first to present DNP3 Secure Authentication for Broadcast (DNP3-SAB), a new lightweight security scheme for broadcast mode communication. The scheme is based on a hash chain and only makes use of the existing cryptographic primitives specified in DNP3-SA. The scheme integrates itself into the DNP3-SA key update process. The proposed scheme is modelled, validated and verified using Coloured Petri Nets (CPN) against the most common protocol attacks, such as modification, injection and replay. Performance analysis of our scheme and the existing DNP3-SA modes (NACR and AGM) shows that DNP3-SAB reduces the communication overhead significantly, at the cost of a constant-term increase in processing and storage overhead. This benefit is maintained even when DNP3-SAB is under attack.
|Item Type:||Journal Article|
|Keywords:||SCADA, DNP3, DNP3-SA, DNP3-SAB, Formal Methods, CPN|
|Divisions:||Current > Schools > School of Electrical Engineering & Computer Science; Past > Institutes > Information Security Institute; Current > QUT Faculties and Divisions > Science & Engineering Faculty|
|Facilities:||Science and Engineering Centre|
|Copyright Owner:||Copyright 2009 IEEE|
|Copyright Statement:||Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.|
|Deposited On:||12 Jul 2016 23:02|
|Last Modified:||05 Aug 2016 16:32|