TRUST, Autumn 2010 Conference, November 10-11, 2010
Simulation of Network Attacks on SCADA Systems
Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita Giani,
Himanshu Neema, Andrew Davis
Outline
Introduction
  – Security of SCADA Systems
C2WindTunnel
  – Testbed Design
  – Testbed Implementation
Simulation Example
  – System Model and Attacks
  – Observations and Conclusions
SCADA Systems
Supervisory Control and Data Acquisition
  – Manage and control critical infrastructure
Gas utilities, power plants, oil refineries, power utilities, chemical plants, water management, traffic control systems
SCADA Security
Potential damage to critical infrastructure and loss of life
Components have decades-long lifetimes
  – Legacy systems designed without security as a priority
Upgrades may cause unacceptable downtime
Real life examples exist
  – Recent Stuxnet worm targeted SCADA systems monitoring nuclear facilities in Iran
Testbed Design Goals
Assess vulnerabilities of current SCADA systems in a realistic setting
Allow testing of novel architectural and technological solutions for next generation SCADA
Provide an open-source, highly flexible testbed for the industrial control community
Should be modular, easily reconfigurable, and accurate
Simulation Integration
Controller (Simulink)
Process (Simulink)
Network (OMNeT++)
??
Integration Challenges
Modeling network effects at packet level
  – Allows high fidelity simulation of network effects
  – Requires transferring time-stamped data among simulations with precise time synchronization
  – Requires discrete event model of network
Different simulation time models
  – Network uses discrete event simulator
  – Control and process use continuous time simulators
  – Consistent global time must be maintained to prevent breach of causality
High Level Architecture
Handles time-stamped data transfer
  – Defines a global object model
  – Uses publish and subscribe architecture to transmit time-stamped data
Handles time management among diverse time models
  – Directs progression of each simulation’s local time
  – No simulation can receive events in its past
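Added example (not from the slides or from C2WindTunnel): a toy conservative time manager showing why a federate is only granted an advance up to the earliest timestamp another federate can still send, and what happens when that rule is dropped. The class and function names, the 100 ms plant step and the 10 ms lookahead are assumptions made for the illustration; this is not the HLA API.

```python
import heapq

class MiniRTI:
    """Toy time manager; names are illustrative, not the HLA API."""
    def __init__(self, conservative=True):
        self.conservative = conservative
        self.time, self.lookahead, self.inbox = {}, {}, {}
        self.violations = 0  # events delivered with a timestamp in the receiver's past

    def join(self, name, lookahead_ms):
        self.time[name], self.lookahead[name], self.inbox[name] = 0, lookahead_ms, []

    def send(self, dst, ts, payload):
        heapq.heappush(self.inbox[dst], (ts, payload))  # timestamp-ordered queue

    def lbts(self, name):
        # Earliest timestamp any other federate can still send to `name`.
        return min(self.time[o] + self.lookahead[o] for o in self.time if o != name)

    def advance(self, name, requested):
        # Conservative mode grants only up to the provably safe bound.
        safe = self.lbts(name) if self.conservative else requested
        granted = max(self.time[name], min(requested, safe))
        delivered = []
        while self.inbox[name] and self.inbox[name][0][0] <= granted:
            ts, payload = heapq.heappop(self.inbox[name])
            if ts < self.time[name]:
                self.violations += 1  # causality breach
            delivered.append((ts, payload))
        self.time[name] = granted
        return granted, delivered

def run(conservative, end=500, step=100, delay=10):
    """Constructed scenario: fixed-step plant, event-driven network, times in ms."""
    rti = MiniRTI(conservative)
    rti.join("plant", delay)
    rti.join("network", delay)
    plant_rx = []
    while rti.time["plant"] < end:
        target = (rti.time["plant"] // step + 1) * step  # next solver boundary
        t, msgs = rti.advance("plant", target)
        plant_rx += msgs
        if t == target:  # sample the process and publish it
            rti.send("network", t + delay, f"sensor@{t}")
        _, msgs = rti.advance("network", end)  # run until the next event
        for ts, payload in msgs:  # forward after the link delay
            rti.send("plant", ts + delay, "fwd:" + payload)
    return rti.violations, plant_rx
```

With `conservative=False` the network federate jumps straight to the end of the run, so later sensor samples reach it stamped earlier than its own clock.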
Simulation Integration
Controller (Simulink)
Process (Simulink)
Network (OMNeT++)
DoD/HLA Simulation Architecture
Simulink glue code
Simulink glue code
OMNeT++ glue code
Integration Code Generation
Integration of federates modeled with GME, a general purpose graphical modeling tool
  – Federates and object model
  – Publish and subscribe relationships
  – Timing parameters
C2WindTunnel includes code generators to facilitate integration of federates
  – HLA FED file
  – Simulation engine to HLA glue code
  – Simplified interaction publish & subscribe
Recent Work
Extended network integration
  – Endpoint nodes specified in integration model allowing transparent data flow from HLA to network
  – Code generated for data-type based routing of information through the network
  – Integrates with the INET framework to allow network modeling without concern for federation level details
  – Restructured HLA-to-network interface to support newest version of the poRTIco RTI
New Windows installer simplifies setup
  – Available on project wiki
Plant Model
Control Problem
Objectives
  – Maintain production rate by controlling valves
  – Minimize operating cost (function of purge loss of A and C)
Restrictions
  – Operating pressure below shutdown limit of 3 MPa
  – Flows have a maximum at their saturation points
Network Model
Attacks
DDoS attacks are simulated on the system, targeting various routers
Targeted routers are saturated with external communication requests from a large number of zombie nodes
Process nodes connecting to attacked routers sustain 100% packet loss for the duration of the attack
Controller, feed and product routers are attacked from the 30-second mark to the 60-second mark, out of a simulation time of 150 seconds
Attack on Feed Router
Attack on Feed Router: Process remains stable throughout duration of attack
Attack on Product Router
Attack on Product Router: Process destabilizes during attack and begins to recover at its completion
Conclusions
Effects of each individual attack are hard to predict and compare analytically
For a complicated system, calculating effects would require intensive analytical computations and could be intractable
Simulation is the best way to estimate effects, to implement and compare network configurations and redundancies
Future Work
Simulation can be used to develop and evaluate more robust control algorithms
Extend testing to other common network security attacks
Investigate distinguishing process faults from network attacks
Acknowledgements
This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422) and the following organizations: AFOSR (#FA9550-06-1-0244), BT, Cisco, DoCoMo USA Labs, EADS, ESCHER, HP, IBM, iCAST, Intel, Microsoft, ORNL, Pirelli, Qualcomm, Sun, Symantec, TCS, Telecom Italia and United Technologies.