Analysis of the security of VPN configurations in industrial control environments

International Journal of Critical Infrastructure Protection

Volumn 5, Issue 1, 2012, Pages 3-13

  Rahimi, Sanaz ^a   Zargham, Mehdi ^a  

^a Southern Illinois University   (United States)

Author keywords

Control systems; Security analysis; Simulation; Virtual private networks

Indexed keywords

INDUSTRIAL CONTROLS; INDUSTRIAL DEPLOYMENT; PARAMETER DEPENDENCE; PROBABILISTIC MODELS; SECURITY ANALYSIS; SIMULATION;

CONTROL SYSTEM ANALYSIS; CONTROL SYSTEMS; VIRTUAL PRIVATE NETWORKS;

COMPUTER SIMULATION;

EID: 84858290582     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2012.01.001     Document Type: Article

References (28)

1. Alsiherov F., Kim T. Research trends on secure SCADA network technology and methods. WSEAS Transactions on Systems and Control 2010, 8(5):635-645.
2. International Electrotechnical Commission, Communication Network and System Security-Profiles including TCP/IP, Technical Specification IEC TS 62351-3, Geneva, Switzerland, 2007.
3. International Electrotechnical Commission, Security for IEC 60870-5 and Derivatives, Technical Specification IEC TS 62351-5, Geneva, Switzerland, 2009.
4. International Electrotechnical Commission, Security for IEC 61850, Technical Specification IEC TS 62351-6, Geneva, Switzerland, 2007.
5. N. Okabe, S. Sakane, K. Miyazawa, K. Kamada, A. Inoue, M. Ishiyama, Security architecture for control networks using IPSec and KINK, in: Proceedings of the Symposium on Applications and the Internet, pp. 414-420, 2005.
6. Patel S., Bhatt G., Graham J. Improving the cyber security of SCADA communication networks. Communications of the ACM 2009, 52(7):139-142.
7. Majdalawieh M. Security Framework for DNP3 and SCADA 2008, VDM Verlag, Saarbruken, Germany.
8. International Electrotechnical Commission, IEC 61850 Standard, Technical Specification IEC TS 61850, Geneva, Switzerland, 2003.
9. Modbus-IDA, Modbus Application Protocol Specification V.1.1b, Hopkinton, Massachusetts, 2006. http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf.
10. R. Hills, Common VPN security flaws, White Paper, NTA Monitor, Rochester, United Kingdom, 2005. http://www.nta-monitor.com/posts/2005/01/VPN-Flaws-Whitepaper.pdf.
11. R. Brown, Stuxnet worm causes industry concern for security firms, Mass High Tech, Boston, Massachusetts, October 19, 2010. http://www.masshightech.com/stories/2010/10/18/daily19-Stuxnet-worm-causes-industry-concern-for-security-firms.html.
12. Sanders W., Meyer J. Stochastic activity networks: formal definitions and concepts. Lectures on Formal Methods and Performance Analysis (LNCS 2090) 2001, 315-343. Springer Verlag, Berlin-Heidelberg, Germany. E. Brinksma, H. Hermanns, J. Katoen (Eds.).
13. Balbo G. Introduction to stochastic Petri nets. Lectures on Formal Methods and Performance Analysis (LNCS 2090) 2001, 84-155. Springer-Verlag, Berlin-Heidelberg, Germany. E. Brinksma, H. Hermanns, J. Katoen (Eds.).
14. K. Paterson, A cryptographic tour of the IPSec standards, Information Security Technical Report, vol. 11, (2), pp. 72-81, 2006.
15. M. Bellare, R. Canetti, H. Krawczyk, Keying hash functions for message authentication, in: Proceedings of the Sixteenth International Cryptology Conference, pp. 1-15, 1996.
16. Harkins D., Carrel D. The internet key exchange (IKE). RFC 1998, 2409.
17. N. Nayak, S. Ghosh, Different flavors of man-in-the-middle attack: Consequences and feasible solutions, in: Proceedings of the Third IEEE International Conference on Computer Science and Information Technology, pp. 491-495, 2010.
18. Pereira R., Beaulieu S. Extended authentication within ISAKMP/Oakley (XAUTH). Internet Draft 1999.
19. Deavours D., Clark G., Courtney T., Daly D., Derisavi S., Doyle J., Sanders W., Webster P. The Mobius framework and its implementation. IEEE Transactions on Software Engineering 2002, 28(10):956-969.
20. P. Li, W. Zhou, Y. Wang, Getting the real-time precise roundtrip time for stepping stone detection, in: Proceedings of the Fourth International Conference on Network and System Security, pp. 377-382, 2010.
21. S. Dispensa, How to reduce malware-induced security breaches, March 31, 2010.
22. D. Wang, B. Madan, K. Trivedi, Security analysis of SITAR intrusion tolerance system, in: Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems, pp. 23-32, 2003.
23. Singh S., Cukier M., Sanders W. Probabilistic validation of an intrusion-tolerant replication system. Proceedings of the International Conference on Dependable Systems and Networks 2003, 615-624.
24. Gungor V., Lambert F. A survey on communication networks for electric system automation. Computer Networks 2006, 50(7):877-897.
25. Sempere V., Albero T., Silvestre J. Analysis of communication alternatives in a heterogeneous network for a supervision and control system. Computer Communications 2006, 29(8):1133-1145.
26. F. Alsiherov, T. Kim, Secure SCADA network technology and methods, in: Proceedings of the Twelfth WSEAS International Conference on Automatic Control, Modeling and Simulation, pp. 434-438, 2010.
27. H. Hamed, E. Al-Shaer, W. Marrero, Modeling and verification of IPSec and VPN security policies, in: Proceedings of the Thirteenth IEEE International Conference on Network Protocols, pp. 259-278, 2005.
28. N. Baukari, A. Aljane, Security and auditing of VPN, in: Proceedings of the Third International Workshop on Services in Distributed and Networked Environments, pp. 132-138, 1996.