SCADAWall: A CPI-enabled firewall model for SCADA security
2018; Elsevier BV; Volume: 80; Language: English
10.1016/j.cose.2018.10.002
ISSN: 1872-6208
Authors: Dong Li, Huaqun Guo, Jianying Zhou, Luying Zhou, Jun Wen Wong,
Topic(s): Internet Traffic Analysis and Secure E-voting
Abstract: Many firewalls have been extending their security capabilities to support Supervisory Control and Data Acquisition (SCADA) systems or to protect the operations within industrial process control. A SCADA firewall usually needs to inspect deeper into the payload to understand exactly what detailed industrial applications are being executed. However, security features in traditional SCADA firewalls have drawbacks in two main aspects. First, a traditional Deep Packet Inspection (DPI) enabled SCADA firewall only partially inspects the content of payload. Specially-crafted packets carrying malicious payload can exploit this drawback to bypass the firewall's inspection. Second, existing SCADA firewalls have poor capability for protecting proprietary industrial protocols. In this paper, we propose a new SCADA firewall model called SCADAWall. This model is powered by our Comprehensive Packet Inspection (CPI) technology. SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend capabilities to proprietary industrial protocol protection, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormality within industrial operations. We have compared our security features with two commercial SCADA firewalls. Our experiment also shows that SCADAWall can effectively mitigate those drawbacks without sacrificing SCADA system's low latency requirement.