999 resultados para DNP3 protocol
Resumo:
Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.
Resumo:
In dealing with computer networks, these allow the flow of information through the resources of various equipment's. This work describes the implementation through the encapsulation of Protocol DNP3, usually employed in Smart Grid communication, in a simulator of discrete events. The NS-2 is a simulator in open source of network events, that facilitate the development of communication networks scenarios considering the protocols involved, in wireless or wired technologies. The objective of this work is to develop the DNP3 protocol encapsulation over a TCP/IP in the in the discrete event Simulator NS-2, allowing an analysis of behavior of a middle or large network sized in Smart Grid applications. © 2013 IEEE.
Resumo:
Several countries have invested in technologies for Smart Grids. Among such protocols designed cover this area, highlights the DNP3 (Distributed Network Protocol version 3). Although the DNP3 be developed for operation over the serial interface, there is a trend in the literature to the use of other interfaces. The Zigbee wireless interface has become more popular in the industrial applications. In order to study the challenges of integrating of these two protocols, this article is presented the analysis of DNP3 protocol stack through state machines The encapsulation of DNP3 messages in P2P (point-to-point) ZigBee Network, may assist in the discovery and solution of failures of availability and security of this integration. The ultimate goal is to merge the features of DNP3 and Zigbee stacks, and display a solution that provides the benefits of wireless environment, without impairment of security required for Smart Grid applications.
Resumo:
Faced with an imminent restructuring of the electric power system, over the past few years many countries have invested in a new paradigm known as Smart Grid. This paradigm targets optimization and automation of electric power network, using advanced information and communication technologies. Among the main communication protocols for Smart Grids we have the DNP3 protocol, which provides secure data transmission with moderate rates. The IEEE 802.15.4 is another communication protocol also widely used in Smart Grid, especially in the so-called Home Area Network (HAN). Thus, many applications of Smart Grid depends on the interaction of these two protocols. This paper proposes modeling, in the traditional network simulator NS-2, the integration of DNP3 protocol and the IEEE 802.15.4 wireless standard for low cost simulations of Smart Grid applications.
Resumo:
This paper presents simulation results of the DNP3 communication protocol over a TCP/IP network, for Smart Grid applications. The simulation was performed using the NS-2 network simulator. This study aimed to use the simulation to verify the performance of the DNP3 protocol in a heterogeneous LAN. Analyzing the results it was possible to verify that the DNP3 over a heterogeneous traffic network, with communication channel capacity between 60 and 85 percent, it works well with low packet loss and low delay, however, with traffic values upper 85 percent, the DNP3 usage becomes unfeasible because the information lost, re-transmissions and latency are significantly increased. © 2013 IEEE.
Resumo:
Pós-graduação em Engenharia Elétrica - FEIS
Resumo:
Pós-graduação em Engenharia Elétrica - FEIS
Resumo:
This thesis evaluates the security of Supervisory Control and Data Acquisition (SCADA) systems, which are one of the key foundations of many critical infrastructures. Specifically, it examines one of the standardised SCADA protocols called the Distributed Network Protocol Version 3, which attempts to provide a security mechanism to ensure that messages transmitted between devices, are adequately secured from rogue applications. To achieve this, the thesis applies formal methods from theoretical computer science to formally analyse the correctness of the protocol.
Resumo:
The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols, to control national infrastructure. Widely used interactive packet manipulation tools, such as Scapy, have not yet been augmented to parse and create DNP3 frames (Biondi 2014). In this paper we extend Scapy to include DNP3, thus allowing us to perform attacks on DNP3 in real-time. Our contribution builds on East et al. (2009), who proposed a range of possible attacks on DNP3. We implement several of these attacks to validate our DNP3 extension to Scapy, then executed the attacks on real world equipment. We present our results, showing that many of these theoretical attacks would be unsuccessful in an Ethernet-based network.
Resumo:
Supervisory Control and Data Acquisition (SCADA) systems are one of the key foundations of smart grids. The Distributed Network Protocol version 3 (DNP3) is a standard SCADA protocol designed to facilitate communications in substations and smart grid nodes. The protocol is embedded with a security mechanism called Secure Authentication (DNP3-SA). This mechanism ensures that end-to-end communication security is provided in substations. This paper presents a formal model for the behavioural analysis of DNP3-SA using Coloured Petri Nets (CPN). Our DNP3-SA CPN model is capable of testing and verifying various attack scenarios: modification, replay and spoofing, combined complex attack and mitigation strategies. Using the model has revealed a previously unidentified flaw in the DNP3-SA protocol that can be exploited by an attacker that has access to the network interconnecting DNP3 devices. An attacker can launch a successful attack on an outstation without possessing the pre-shared keys by replaying a previously authenticated command with arbitrary parameters. We propose an update to the DNP3-SA protocol that removes the flaw and prevents such attacks. The update is validated and verified using our CPN model proving the effectiveness of the model and importance of the formal protocol analysis.
Resumo:
The Distributed Network Protocol v3.0 (DNP3) is one of the most widely used protocols to control national infrastructure. The move from point-to-point serial connections to Ethernet-based network architectures, allowing for large and complex critical infrastructure networks. However, networks and con- figurations change, thus auditing tools are needed to aid in critical infrastructure network discovery. In this paper we present a series of intrusive techniques used for reconnaissance on DNP3 critical infrastructure. Our algorithms will discover DNP3 outstation slaves along with their DNP3 addresses, their corresponding master, and class object configurations. To validate our presented DNP3 reconnaissance algorithms and demonstrate it’s practicality, we present an implementation of a software tool using a DNP3 plug-in for Scapy. Our implementation validates the utility of our DNP3 reconnaissance technique. Our presented techniques will be useful for penetration testing, vulnerability assessments and DNP3 network discovery.
