Date of Award

3-14-2014

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD.

Abstract

In the past, SCADA networks were made secure through undocumented, proprietary protocols and isolation from other networks. Today, modern information technology (IT) solutions have provided a means to enhance remote access through use of the Internet. Unfortunately, opening SCADA networks to the Internet has provided routes of attack. Cyber attacks on these networks are becoming more common and can inflict considerable damage to critical infrastructure systems. Furthermore, devices on these networks can be infected with malware that causes them to falsify their responses to operators, concealing alternate operation or hiding alarm conditions. Considering their applications, securing these networks translates to improved physical security in the real world. Since modern IT solutions are impractical to deploy in the resource constrained SCADA networks, other solutions must be researched. This research evaluates an integrity verification system implemented on a Xilinx ML507 development board called the SIEVE system. The design incorporates Bloom filters and SCADA-specific intrusion detection techniques to speed identification of invalid commands and current sensing to investigate whether or not a device correctly carried out a given command. Results show that the SIEVE system is able to inspect and correctly identify 100% of network traffic at a 200 command per second frequency. Correct identification of valid MODBUS/TCP traffic begins to fail at 350 commands per second, introducing false positives. Tests of the Bloom filters show that they reduce the time necessary to process and log invalid MODBUS/TCP commands by 4.5% to 2328.06% depending on the number of operations performed by the command.

AFIT Designator

AFIT-ENG-14-M-25

DTIC Accession Number

ADA599793

Download

Share

COinS