Locating subverted processes using random packet comparison in SCADA systems

Publisher: Inderscience Publishers
Copyright: Copyright © Inderscience Enterprises Ltd. All rights reserved
ISSN: 1475-3219
eISSN: 1741-8038
DOI: 10.1504/IJCIS.2013.051609

Abstract

A supervisory control and data acquisition (SCADA) system may be subject to integrity attacks. Anomalies in sensor measurements may be used to detect these attacks, but such techniques do not permit us to locate attacking nodes. We propose a novel technique to enable this. Each participating network node probabilistically copies packets and marks them with routing information, before encrypting them with private keys and forwarding them to the operator. Nodes regularly release the keys used to encrypt packets. At that point, the operator may compare the copied packets with the original. Using the differences in packet content and routing information, it is possible to deduce to within one or two processes the location of an attack. Our approach is based on IP traceback techniques originally used for detecting the origin of denial of service attacks. The complexity of the approach is low and the technique can be shown to be resilient to counter-attack.

Journal

International Journal of Critical Infrastructures, Inderscience Publishers

Published: Jan 1, 2013