Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita.

Published byCurtis Crawford Modified over 8 years ago

Similar presentations

Presentation on theme: "TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita."— Presentation transcript:

1 TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita Giani, Himanshu Neema, Andrew Davis

2 TRUST, Autumn 2010 Conference, November 10-11, 2010 Outline Introduction – Security of SCADA Systems C2WindTunnel – Testbed Design – Testbed Implementaion Simulation Example – System Model and Attacks – Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis2

3 TRUST, Autumn 2010 Conference, November 10-11, 2010 SCADA Systems Supervisory Control and Data Acquisition – Manage and control critical infrastructure Gas utilities, power plants, oil refineries, power utilities, chemical plants, water management, traffic control systems "Simulation of Network Attacks on SCADA Systems", Andrew Davis3

4 TRUST, Autumn 2010 Conference, November 10-11, 2010 SCADA Security Potential damage to critical infrastructure and loss of life Components have decades-long lifetimes – Legacy systems designed without security as a priority Upgrades may cause unacceptable downtime Real life examples exist – Recent Stuxnet worm targeted SCADA systems monitoring nuclear facilities in Iran "Simulation of Network Attacks on SCADA Systems", Andrew Davis4

5 TRUST, Autumn 2010 Conference, November 10-11, 2010 Outline Introduction – Security of SCADA Systems C2WindTunnel – Testbed Design – Testbed Implementaion Simulation Example – System Model and Attacks – Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis5

6 TRUST, Autumn 2010 Conference, November 10-11, 2010 Testbed Design Goals Assess vulnerabilities of current SCADA systems in a realistic setting Allow testing of novel architectural and technological solutions for next generation SCADA Provide an open-source, highly flexible testbed for the industrial control community Should be modular, easily reconfigurable, and accurate "Simulation of Network Attacks on SCADA Systems", Andrew Davis6

7 TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation Integration "Simulation of Network Attacks on SCADA Systems", Andrew Davis7 Controller (Simulink) Process (Simulink) Network (OMNeT++) ??

8 TRUST, Autumn 2010 Conference, November 10-11, 2010 Integration Challenges Modeling network effects at packet level – Allows high fidelity simulation of network effects – Requires transferring time-stamped data among simulations with precise time synchronization – Requires discrete event model of network Different simulation time models – Network uses discrete event simulator – Control and process use continuous time simulators – Consistent global time must be maintained to prevent breach of causality "Simulation of Network Attacks on SCADA Systems", Andrew Davis8

9 TRUST, Autumn 2010 Conference, November 10-11, 2010 High Level Architecture Handles time-stamped data transfer – Defines a global object model – Uses publish and subscribe architecture to transmit time-stamped data Handles time management among diverse time models – Directs progression of each simulation’s local time – No simulation can receive events in its past "Simulation of Network Attacks on SCADA Systems", Andrew Davis9

10 TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation Integration "Simulation of Network Attacks on SCADA Systems", Andrew Davis10 Controller (Simulink) Process (Simulink) Network (OMNeT++) DoD/HLA Simulation Architecture Simulink glue code OMNeT++ glue code

11 TRUST, Autumn 2010 Conference, November 10-11, 2010 Integration Code Generation Integration of federates modeled with GME, a general purpose graphical modeling tool – Federates and object model – Publish and subscribe relationships – Timing parameters C2WindTunnel includes code generators to facilitate integration of federates – HLA FED file – Simulation engine to HLA glue code – Simplified interaction publish & subscribe "Simulation of Network Attacks on SCADA Systems", Andrew Davis11

12 TRUST, Autumn 2010 Conference, November 10-11, 2010 Recent Work Extended network integration – Endpoint nodes specified in integration model allowing transparent data flow from HLA to network – Code generated for data-type based routing of information through the network – Integrates with the INET framework to allow network modeling without concern for federation level details – Restructured HLA-to-network interface to support newest version of the poRTIco RTI New Windows installer simplifies setup – Available on project wiki "Simulation of Network Attacks on SCADA Systems", Andrew Davis12

13 TRUST, Autumn 2010 Conference, November 10-11, 2010 Outline Introduction – Security of SCADA Systems C2WindTunnel – Testbed Design – Testbed Implementaion Simulation Example – System Model and Attacks – Observations and Conclusions "Simulation of Network Attacks on SCADA Systems", Andrew Davis13

14 TRUST, Autumn 2010 Conference, November 10-11, 2010 Plant Model "Simulation of Network Attacks on SCADA Systems", Andrew Davis14

15 TRUST, Autumn 2010 Conference, November 10-11, 2010 Control Problem Objectives – Maintain production rate by controlling valves – Minimize operating cost (function of purge loss of A and C) Restrictions – Operating pressure below shutdown limit of 3 MPa – Flows have a maximum at their saturation points "Simulation of Network Attacks on SCADA Systems", Andrew Davis15

16 TRUST, Autumn 2010 Conference, November 10-11, 2010 Network Model "Simulation of Network Attacks on SCADA Systems", Andrew Davis16

17 TRUST, Autumn 2010 Conference, November 10-11, 2010 Attacks DDOS attacks are simulated on system, targeting various routers Saturated with external communication requests from large number of zombie nodes Process nodes connecting to attacked routers sustain 100% packet loss for the duration of the attack Controller, feed and product routers are attacked from 30-second mark to 60-second mark out of simulation time of 150 seconds "Simulation of Network Attacks on SCADA Systems", Andrew Davis17

18 TRUST, Autumn 2010 Conference, November 10-11, 2010 Attack on Feed Router "Simulation of Network Attacks on SCADA Systems", Andrew Davis18 Attack on Feed Router: Process remains stable throughout duration of attack

19 TRUST, Autumn 2010 Conference, November 10-11, 2010 Attack on Product Router "Simulation of Network Attacks on SCADA Systems", Andrew Davis19 Attack on Product Router: Process destabilizes during attack and begins to recover at its completion

20 TRUST, Autumn 2010 Conference, November 10-11, 2010 Conclusions Effects of each individual attack are hard to predict and compare analytically For a complicated system, calculating effects would require intensive analytical computations, could be intractable Simulation is the best way to estimate effects, to implement and compare network configurations and redundancies "Simulation of Network Attacks on SCADA Systems", Andrew Davis20

21 TRUST, Autumn 2010 Conference, November 10-11, 2010 Future Work Simulation can be used to develop and evaluate more robust control algorithms Extend testing to other common network security attacks Investigate distinguishing process faults from network attacks "Simulation of Network Attacks on SCADA Systems", Andrew Davis21

22 TRUST, Autumn 2010 Conference, November 10-11, 2010 Acknowledgements This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422) and the following organizations: AFOSR (#FA9550-06-1-0244), BT, Cisco, DoCoMo USA Labs, EADS, ESCHER, HP, IBM, iCAST, Intel, Microsoft, ORNL, Pirelli, Qualcomm, Sun, Symantec, TCS, Telecom Italia and United Technologies. "Simulation of Network Attacks on SCADA Systems", Andrew Davis22

Download ppt "TRUST, Autumn 2010 Conference, November 10-11, 2010 Simulation of Network Attacks on SCADA Systems Rohan Chabukswar, Bruno Sinopoli, Gabor Karsai, Annarita."

Similar presentations

Introduction to IRRIIS testing platform IRRIIS MIT Conference ROME 8 February 2007 Claudio Balducelli.

Introduction to IRRIIS testing platform IRRIIS MIT Conference ROME 8 February 2007 Claudio Balducelli.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
GEO SB-01 Oceans and Society: Blue Planet An Integrating Oceans Task of GEO GEO-IX Plenary 22-23 November 2012 Foz do Iguaçu, Brazil on behalf of the Blue.

GEO SB-01 Oceans and Society: Blue Planet An Integrating Oceans Task of GEO GEO-IX Plenary November 2012 Foz do Iguaçu, Brazil on behalf of the Blue.
TRUST for SCADA: A Simulation-based Experimental Platform

TRUST for SCADA: A Simulation-based Experimental Platform
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
This work was supported by the TRUST Center (NSF award number CCF-0424422) 1. Setting up experiment on DETER testbed a)Created twelve pc backbone nodes.

This work was supported by the TRUST Center (NSF award number CCF ) 1. Setting up experiment on DETER testbed a)Created twelve pc backbone nodes.
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
1 Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems Organizers: NC State University & UNC Chapel Hill.

1 Workshop on Research Directions for Security and Networking in Critical Real-Time and Embedded Systems Organizers: NC State University & UNC Chapel Hill.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
1 Experiments and Tools for DDoS Attacks Roman Chertov, Sonia Fahmy, Rupak Sanjel, Ness Shroff Center for Education and Research in Information Assurance.

1 Experiments and Tools for DDoS Attacks Roman Chertov, Sonia Fahmy, Rupak Sanjel, Ness Shroff Center for Education and Research in Information Assurance.
Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.

Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.
Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.

Attacks on Three Tank System Three Tank System Testing Model-Based Security Features Experimental Platform for Model-Based Design of Embedded Systems Matt.
ISCSI Performance in Integrated LAN/SAN Environment Li Yin U.C. Berkeley.

ISCSI Performance in Integrated LAN/SAN Environment Li Yin U.C. Berkeley.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Do You See What I See (DYSWIS) Aditya Muthyala (am3551) School of Engineering and Applied Science Columbia University, Fall 2011.

Do You See What I See (DYSWIS) Aditya Muthyala (am3551) School of Engineering and Applied Science Columbia University, Fall 2011.
1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.
Annarita Giani, UC Berkeley Bruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt University TRUST 2008 Autumn.

Annarita Giani, UC Berkeley Bruno Sinopoli & Aakash Shah, Carnegie Mellon University Gabor Karsai & Jon Wiley, Vanderbilt University TRUST 2008 Autumn.

Similar presentations

Ads by Google