Simulation Of Network Attacks On SCADA Systems
IntroductionC2WindTunnelThe SimulationSimulation of Network Attacks on SCADASystemsRohan Chabukswar1 , Bruno Sinopoli1 , Gabor Karsai2 ,Annarita Giani3 , Himanshu Neema2 , Andrew Davis21 Carnegie Mellon University, 2 Vanderbilt University, 3 University of California BerkeleyFirst Workshop on Secure Control SystemsApril 12, 2010Stockholm, SwedenRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationOutline1IntroductionSecurity of SCADA SystemsSimulation of SCADA Systems2C2WindTunnelHigh Level ArchitectureRun Time Infrastructure3The SimulationThe SystemAttacksObservations and ConclusionsRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationSecurity of SCADA SystemsSimulation of SCADA SystemsLegacy SCADA SystemsSupervisory Control and Data Acquisition SystemsDesigned to have long life spans, decadesCurrently used SCADA systems designed when securitywasn’t a big issueInternet connection exposes the systems to externalsecurity attacksRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationSecurity of SCADA SystemsSimulation of SCADA SystemsUpgrading Legacy SCADA SystemsSCADA systems are cumbersome to upgrade1Upgrading security implies downtime, not desirable incritical systems like power plants and traffic control2Legacy SCADA devices are too limited to be upgraded3SCADA networks are customized for the systems and theirsecurity properties cannot be generalizedLegacy and future SCADA systems require assessment andelimination of security vulnerabilitiesRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationSecurity of SCADA SystemsSimulation of SCADA SystemsSimulation of SCADA SystemsIt is essential to model and simulate communicationnetworks to study mission critical situationsSCADA system is composed of units in domains likedynamic systems, networks and physical environmentsEach of these units can be modeled using a variety ofavailable simulators and/or emulatorsSimulation of such system needs underlying softwareinfrastructure for a logically and temporally coherentframeworkRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationHigh Level ArchitectureRun Time InfrastructureC2WindTunnelEnables various simulation engines to interact and transmitdata, log and analyze real time simulation resultsUses discrete event model of computation for the preciseintegration of a range of simulation enginesRequires integration on two levels for each simulationmodel:12API Level: Provides basic services like message passingand shared object managementInteraction Level: Synchronization and coordination.Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationHigh Level ArchitectureRun Time InfrastructureHigh Level Architecture (HLA)Basis of C2WindTunnelInitially designed by US Department of Defense (DoD) toensure interoperability and reusability of models andsimulation componentsComponents of the HLA:12HLA rules to ensure proper interaction among federatesand to delineate the respective responsibilitiesObject Model Template (OMT) to prescribe format andsyntax for recording and communicating informationRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationHigh Level ArchitectureRun Time InfrastructureRun Time Infrastructure (RTI)Run Time Infrastructure (RTI) is the softwareimplementation of HLAA collection of software that provides a set of HLA requiredservices to multiple simulation systemsSeveral commercial and open-source RTIs available in themarket, some of which have been verified by the USDefense Modeling and Simulation Office.RTI handles Federation, Object, Time, and EventManagementRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationHigh Level ArchitectureRun Time InfrastructureTime and Event ManagementTime Management:Federate manager uses HLA-specified synchronizationpoints to guarantee that all federates are ready to proceedwith the simulationSimulation proceeds for a small time step, after which eachfederate needs permission from the RTI to proceedEvent and Data InteractionA publish and subscribe mechanism is used by the HLAEach federate declares to the federation which events it isinterested inRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsC2WindTunnel Simulation Architecture“Virtual” odel Integration FederateOMNeT FederateSimulinkFederateModelsRun-timeGlue CodeRun Time InfrastructureSimulation Data DistributionAnd Communication MiddlewareDistributed Simulation PlatformRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsThe PlantPurge (A, B, C)Feed 1(A, B, C)VaporFeed 2(Pure A)LiquidProduct (D)Figure: Chemical Plant (A C D)Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsControl ProblemObjectives:Maintain production rate by controlling valvesMinimize operating cost (function of purge loss of A and C)Restrictions:Operating pressure below shutdown limit of 3 MPaFlows have a maximum at their saturation pointsRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsThe Controllery0StateEstimator y ubxLinearQuadraticRegulatoru0Figure: The Controller (Simulated in Simulink)Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsNetwork roductRoutery5 u4 y6 u1 u2 y1 y2 y3 y7 y8 y9 u3 y4 y10PlantFigure: Network Map (Simulated in OMNeT )Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsOMNeT Interpreter traverses the integration model andunderstands which interactions may be sent or receivedSynthesizes glue code for each router in the system thatneeds to communicate data to other federatesOMNeT internal simulation clock is synchronized withthe RTIIf a message timestamp is outside the current simulationinterval, OMNeT requests the RTI for permission toproceed to the next time stepRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsSimulinkInterpreter generates code to integrate Simulink modelwith C2WindTunnelS-function block in each model for each interactionSynthesized integration code synchronizes simulation timePerformance penalties must be weighed against timingerrors to decide on time-stepsRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsAttacksDDOS-like attacks are simulated on system, targetingvarious routersSaturated with external communication requests from largenumber of zombie nodesRendered slow, effectively unavailable legitimate dataController, feed and product routers are attacked from30-second mark to 60-second mark out of simulation timeof 150 secondsRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsAttack on Controller Router0.2520.25Operating Cost ( ime (s)Figure: All sensors, valve controls blocked, plant resets and resumesnormal operation after attack.Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsAttack on Feed Router0.2520.25Operating Cost ( ime (s)Figure: Feed 1 and feed 2 sensors, valve controls blocked, no effecton plantRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsAttack on Product Router0.2520.25Operating Cost ( ime (s)Figure: Several sensors, purge valve controller blocked, plant isuncontrolled for duration of attack, recovers after attack has ceasedRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsConclusionsEffects of each individual attack are hard to predict andcompare analyticallyFor a complicated system, calculating effects would requireintensive analytical computations, could be intractableSimulation is the best way to estimate effects, to implementand compare network configurations and redundanciesIn proof-of-concept implementation of SCADA system,C2WindTunnel facilitated interaction and data transferbetween environments and monitoring response to attacksRohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsFuture WorkSimulation can be used to analyze the current network andcontroller and develop more robust control algorithms andimprove the networkExpanding the SCADA system itself to employ a faultdetection and isolation and/or an intrusion detectionsystemObserving the effect of other common network securityattacks on integrity and confidentiality of the dataSimulation of systems including hardware-in-the-loop.Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsAcknowledgementsThis work was supported in part by TRUST (Team for Researchin Ubiquitous Secure Technology), which receives support fromthe National Science Foundation (NSF award numberCCF-0424422) and the following organizations: AFOSR(#FA9550-06-1-0244), BT, Cisco, DoCoMo USA Labs, EADS,ESCHER, HP, IBM, iCAST, Intel, Microsoft, ORNL, Pirelli,Qualcomm, Sun, Symantec, TCS, Telecom Italia and UnitedTechnologies.Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsReferences IN. Lawrence Ricker, Model predictive control of acontinuous, nonlinear, two-phase reactor. Journal ofProcess Control, Volume 3, Issue 2, May 1993, Pages109-123.J. O. Calvin, R. Weatherly, An introduction to the high levelarchitecture (HLA) runtime infrastructure (RTI).Proceedings of the 14th Workshop on Standards for theInteroperability of Defence Simulations, Orlando, FL, March1996, pp. 705-715.Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
IntroductionC2WindTunnelThe SimulationThe SystemAttacksObservations and ConclusionsReferences IIG. Hemingway, H. Neema, H. Nine, J. Sztipanovits, G.Karsai, Rapid Synthesis of HLA-Based HeterogeneousSimulation: A Model-Based Integration Approach. inreview for Simulation.R. Crosbie, J. Zenor, High Level Architecture.http://www.ecst.csuchico.edu/ hla/.HLA standard - IEEE standard for modeling and simulation(M&S) high-level architecture (HLA) — framework andrules. IEEE Std. 1516-2000, pp.i-22, 2000OMNeT Simulation Package.http://www.omnetpp.org/Rohan ChabukswarSimulation of Network Attacks on SCADA Systems
The Simulation Security of SCADA Systems Simulation of SCADA Systems Simulation of SCADA Systems It is essential to model and simulate communication networks to study mission critical situations SCADA system is composed of units in domains like dynamic systems, networks and physical environments Each of these units can be modeled using a variety of
injection) Code injection attacks: also known as "code poisoning attacks" examples: Cookie poisoning attacks HTML injection attacks File injection attacks Server pages injection attacks (e.g. ASP, PHP) Script injection (e.g. cross-site scripting) attacks Shell injection attacks SQL injection attacks XML poisoning attacks
APNIC 46 Network security workshop, deployed 7 honeypots to a cloud service 21,077 attacks in 24 hours Top 5 sensors –training06 (8,431 attacks) –training01 (5,268 attacks) –training04 (2,208 attacks) –training07 (2,025 attacks) –training03 (1,850 attacks)
3 Cloud Computing Attacks a. Side channel attacks b. Service Hijacking c. DNS attacks d. Sql injection attacks e. Wrapping attacks f. Network sniffing g. Session ridding h. DOS / DDOS attacks 4 Securing Cloud computing a. Cloud security control layers b. Responsibilites in Cloud Security c. OWASP top 10 Cloud Security 5 Cloud Security Tools a.
Detection of DDoS attacks using RNN-LSTM and Hybrid model ensemble. Siva Sarat Kona 18170366 Abstract The primary concern in the industry is cyber attacks. Among all, DDoS attacks are at the top of the list. The rapid increase in cloud migration also increases the scope of attacks. These DDoS attacks are of di erent types like denial of service,
2.2 BGP interception attacks BGP attacks involve an AS making BGP announcements to maliciously attract traffic destined to another AS's prefix, and have been traditionally divided into two categories based on how the attacks impact the data plane [46]. The first category is BGP hijack attacks where an adversary uses a
network simulation, network emulation, NS3, discrete-event simulation, simulation credibility, model validation 1. INTRODUCTION Over the last decade network simulation has become increas-ingly important. One reason for that is the rapid growth of the Internet and networks in general. Therefore new potent
build encrypted circuits through them Tor network client entry middle exit server. Tor network client entry middle exit server. . RAPTOR Attacks RAPTOR Attacks: User anonymity decreases over time due to BGP dynamics. All your traffic belongs to me 1 Attacks Results Eyes wide open 2 Countermeasures Close the curtains 3 RAPTOR: Routing Attacks .
host are open for TCP connections – Denial-of-service attacks: network attacks meant to overwhelm a host and shut out legitimate accesses – Malware attacks: replicating malicious software attacks, such as Trojan horses, computer worms, viruses, etc. – A
