Securing SCADA Energy Management System under DDos Attacks Using Token Verification Approach
Abstract
1. Introduction
2. Related Work
2.1. The Authentication of the Industrial Internet of Things
2.2. The Denial of Service Attacks on Industrial Internet of Things
2.3. The Authentication for DoS Defense in IoT Environment
2.4. The DDoS Attack Tools
3. Problem Definition
4. Trusted Encrypted Validator Module (TEVM) Based on Token Authentication
4.1. Authentication Mechanism
4.2. Generating Token
5. Experiment
5.1. Simulation of Experimental Environment
5.2. Verifying the TEVM Mechanism
5.3. Performance Analysis
6. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest

Item | Description |
---|---|
src_ip | the IP address of the applicant (device) |
src_hostname | the hostname of the applicant |
src_mac_addr | the MAC address of the applicant |
dst_ip | the IP address of the verifier |
dst_port | the socket port of the verifier |
dst_hostname | the hostname of the verifier |
dst_mac_addr | the MAC address of the verifier |

Item | Description |
---|---|
iss | TBAS, represented here by the IP address of TBAS |
iat | the time when the token was generated |
exp | the expiry date of the token |
aud | the IP address of the applicant |
hostname | the hostname of the applicant |
mac_addr | the MAC address of the applicant |
priority | the priority of the token |
service_type | the type of the token |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Yang, Y.-S.; Lee, S.-H.; Chen, W.-C.; Yang, C.-S.; Huang, Y.-M.; Hou, T.-W. Securing SCADA Energy Management System under DDos Attacks Using Token Verification Approach. Appl. Sci. 2022, 12, 530. https://doi.org/10.3390/app12010530