
Research On Modbus/TCP Protocol Security In SCADA Systems

Posted on: 2017-01-08
Degree: Master
Type: Thesis
Country: China
Candidate: J Yang
Full Text: PDF
GTID: 2348330503992891
Subject: Computer Science and Technology

Abstract/Summary:
Industrial control systems are widely used in the chemical, electric power transmission, transportation, oil and gas extraction and water treatment sectors, which are extremely important to the national economy, so the security of these systems is directly tied to the development of national infrastructure and other key areas. Early industrial control systems mostly used simple, closed proprietary protocols that lacked security mechanisms and merely met the communication requirements of the time. However, as network integration has progressed, TCP/IP technology has become widely used in industrial control systems in the form of the Modbus/TCP protocol, so these systems now face security risks stemming both from ordinary TCP/IP and from the proprietary Modbus protocol.

The main purpose of this paper is to safeguard the security of the Modbus/TCP protocol, which is widely used in SCADA process control. First, according to the security requirements of Modbus/TCP, this paper designs a trusted Modbus/TCP protocol that achieves authentication, integrity and confidentiality. Second, to meet the security requirements of Modbus/TCP protocol data, a method is proposed that isolates threats to the Modbus/TCP protocol. The method is based on virtualization and deep detection of the Modbus/TCP protocol; it isolates the characteristics of TCP/IP and ensures the legitimacy of Modbus/TCP communication data.

The main work in this paper is as follows:

1) The Modbus/TCP protocol lacks authentication and cannot provide data integrity or confidentiality protection. A trusted Modbus/TCP protocol based on Trusted Platform Module (TPM) hardware is therefore proposed, including communication identity and device-status authentication of clients and servers. The trusted Modbus/TCP protocol not only ensures that equipment cannot be faked, but also ensures the credibility of the device's operating system and software configuration. An HMAC algorithm ensures the integrity of the data transferred during communication. The method provides a security classification for specific Modbus control commands, by which messages can optionally be encrypted to ensure the confidentiality of communications. A performance analysis of TPM commands shows that the trusted Modbus/TCP protocol can meet the real-time demands of industrial control systems.

2) For the existing flaws of TCP/IP and the abuse of Modbus function codes in the Modbus/TCP protocol, a protocol isolation method based on Modbus/TCP deep detection and virtualization is proposed. The method is built on Xen virtualization. Protocol data is stripped in order to block attacks based on the traditional TCP/IP protocols. Modbus/TCP data is then cleaned by strengthening access control on special function codes and by increasing inspection of the Modbus/TCP MBAP header, the starting address of the data object, the values of the data object and other content. This method ensures the legitimacy of Modbus/TCP communication data.
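The following is an added example, not code from the thesis, illustrating the two checkable parts of the abstract in one place: the HMAC integrity protection of point 1) and the deep detection of point 2) (MBAP header consistency, function-code access control, starting address and value checks). It uses only the Python standard library. Everything not stated in the abstract is an assumption: HMAC-SHA256 as the HMAC algorithm, the tag appended after the PDU, a shared secret standing in for whatever key the TPM-authenticated peers would establish, and the allow-list policy values. The TPM attestation and the optional encryption are not shown.

```python
"""Added example: Modbus/TCP ADU integrity tag and deep-detection policy check."""
import hashlib
import hmac
import struct

MBAP_LEN = 7   # transaction id (2) + protocol id (2) + length (2) + unit id (1)
TAG_LEN = 32   # HMAC-SHA256 tag appended after the PDU (placement is an assumption)

# Constructed demo key. The thesis authenticates peers with TPM-backed credentials;
# how the HMAC key is derived from that is not described, so a shared secret is used.
DEMO_KEY = b"constructed-demo-key"

# Standard Modbus function codes used below
FC_READ_HOLDING = 3
FC_WRITE_SINGLE = 6
FC_WRITE_MULTIPLE = 16


def build_adu(tid, unit, fc, data):
    """Assemble a Modbus/TCP ADU: MBAP header followed by the PDU (fc + data)."""
    pdu = bytes([fc]) + data
    # The MBAP length field counts the unit id byte plus the PDU
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(adu):
    """Check MBAP header consistency and split the ADU into its fields."""
    if len(adu) < MBAP_LEN + 1:
        raise ValueError("ADU shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(adu) - 6:
        raise ValueError("MBAP length field does not match frame length")
    return {"tid": tid, "unit": unit, "fc": adu[MBAP_LEN], "data": adu[MBAP_LEN + 1:]}


def protect(adu, key=DEMO_KEY):
    """Append an HMAC-SHA256 tag computed over the whole ADU (MBAP + PDU)."""
    return adu + hmac.new(key, adu, hashlib.sha256).digest()


def verify(frame, key=DEMO_KEY):
    """Return the bare ADU if the trailing tag is valid, otherwise None."""
    if len(frame) < MBAP_LEN + 1 + TAG_LEN:
        return None
    adu, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, adu, hashlib.sha256).digest()
    return adu if hmac.compare_digest(tag, expected) else None


# Constructed policy for the deep-detection stage (values are assumptions)
POLICY = {
    "allowed_fc": {FC_READ_HOLDING, FC_WRITE_SINGLE, FC_WRITE_MULTIPLE},
    "address_range": (0, 99),    # permitted holding-register window
    "value_range": (0, 1000),    # plausible values for written registers
}


def inspect(adu, policy=POLICY):
    """Deep detection of header, function code, starting address and values.
    Returns (accepted, reason)."""
    try:
        msg = parse_adu(adu)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    fc, data = msg["fc"], msg["data"]
    if fc not in policy["allowed_fc"]:
        return False, f"function code {fc} not permitted"
    lo, hi = policy["address_range"]
    vlo, vhi = policy["value_range"]
    if len(data) < 4:
        return False, "PDU data truncated"
    start, second = struct.unpack(">HH", data[:4])
    if fc == FC_READ_HOLDING:            # second = register count
        if second < 1 or start < lo or start + second - 1 > hi:
            return False, "read outside permitted address window"
        values = []
    elif fc == FC_WRITE_SINGLE:          # second = register value
        if not lo <= start <= hi:
            return False, "write outside permitted address window"
        values = [second]
    else:                                # FC_WRITE_MULTIPLE: count, byte count, registers
        if len(data) < 5:
            return False, "PDU data truncated"
        count, byte_count, body = second, data[4], data[5:]
        if byte_count != 2 * count or len(body) != byte_count:
            return False, "byte count inconsistent with register count"
        if count < 1 or start < lo or start + count - 1 > hi:
            return False, "write outside permitted address window"
        values = list(struct.unpack(f">{count}H", body))
    for v in values:
        if not vlo <= v <= vhi:
            return False, f"register value {v} outside plausible range"
    return True, "ok"


if __name__ == "__main__":
    # Constructed request: write value 500 to holding register 10 on unit 1
    req = build_adu(1, 1, FC_WRITE_SINGLE, struct.pack(">HH", 10, 500))
    frame = protect(req)
    print("tag valid:", verify(frame) is not None)
    forged = bytearray(frame)
    forged[10] = 0x27                     # alter the written value in transit
    print("tampered frame accepted:", verify(bytes(forged)) is not None)
    print("policy verdict:", inspect(req))
    print("diagnostics request:", inspect(build_adu(2, 1, 8, b"\x00\x01\x00\x00")))
```

Note that the tag protects the MBAP header as well as the PDU, so a changed transaction or unit identifier is rejected along with a changed register value; the policy check runs on the bare ADU after the tag has been stripped, which is the order an isolation gateway sitting between the two stages would use.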
Keywords/Search Tags: Industrial control systems, Modbus/TCP, deep detection, protocol isolation