Design And Implementation Of Secure Distributed Network Protocol For SCADA System

Posted on: 2018-02-28
Degree: Master
Type: Thesis
Country: China
Candidate: Q Liu
GTID: 2348330518488036
Subject: Engineering
Abstract/Summary:
Supervisory Control and Data Acquisition (SCADA) systems are industrial control systems widely deployed in the power, metallurgy, petrochemical and other important national industries. The Distributed Network Protocol (DNP3) is widely used for SCADA system communication due to its flexibility and openness. With the integration of SCADA systems and traditional information networks, the lack of authentication and encryption in DNP3 brings many security issues to SCADA systems. To guarantee the security of SCADA systems, this paper addresses the security problems of DNP3, such as message leakage, message tampering, and the lack of authentication and authorization, while taking into account the characteristics of SCADA systems: their structure, limited computing resources and real-time requirements. By analyzing and redesigning the DNP3 link layer data, we propose a Secure Distributed Network Protocol (S-DNP3) based on the Bump-In-The-Wire prototype. The protocol provides reliability protection, is compatible with legacy systems, and satisfies the availability requirement of SCADA systems without modifying the system equipment. It guarantees the confidentiality, integrity and authentication of the system, meeting the security requirements of SCADA systems with a minimum effect on their performance. Based on the S-DNP3 protocol, we design and implement a secure communication system for SCADA systems. To store sensitive information such as session keys and device status, we propose a secure memory-based key-value storage method that provides fast, timely access to data. In view of the limited computing resources of SCADA systems, we design a configurable lightweight key management and distribution protocol that makes adaptive and efficient use of equipment resources while satisfying the security requirements. To ensure compatibility with legacy SCADA systems, we design a DNP3 and S-DNP3 protocol conversion method. O(1) Through security analysis, S-DNP3 is shown to provide encryption and authentication mechanisms that guarantee the security of SCADA systems and resist camouflage attacks, eavesdropping attacks, and man-in-the-middle attacks. Performance analysis of the S-DNP3 protocol and a benchmark test on an S-DNP3-based communication system show that the S-DNP3 protocol only increases the communication delay by 4.3% and reduces system throughput by 4.1%, satisfying the availability requirement of SCADA systems with a minimum effect on system performance.
Keywords/Search Tags: SCADA, S-DNP3, Key Management, Industrial Control System Security