KR20140043537A - Secure communication apparatus and method for securing scada communication network - Google Patents


Publication number
KR20140043537A
Authority
KR
South Korea
Prior art keywords
dnp
data
secure
control command
response
Application number
KR1020120105705A
Other languages
Korean (ko)
Other versions
KR102018064B1 (en)
Inventor
최문석
백종목
임용훈
주성호
김충효
윤현진
임유석
Original Assignee
한국전력공사
Application filed by 한국전력공사
Priority to KR1020120105705A
Publication of KR20140043537A
Application granted
Publication of KR102018064B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information


Abstract

Disclosed are a secure communication apparatus and method for securing a SCADA (Supervisory Control And Data Acquisition) communication network. According to an embodiment of the present invention, a secure communication device for securing a SCADA communication network between a master and an outstation that is a subnode of the master may include: a first data receiver configured to receive, from the master or the outstation, DNP data including a Distributed Network Protocol (DNP) control command or a DNP response; an offensive mode component configured to generate secure DNP data by applying an offensive mode that attaches DNP message authentication data corresponding to a DNP standard security policy to the DNP data; and a first data transmitter for transmitting the DNP data or the secure DNP data to another secure communication device.


Description

Secure communication apparatus and method for securing SCADA communication network

The present invention relates to a secure communication apparatus and method for securing a SCADA communication network. Disclosed are a secure communication apparatus and method that perform two-way data authentication using a secure communication device that generates secure DNP data by applying an offensive mode, which attaches DNP message authentication data corresponding to a DNP standard security policy to DNP data, so that the SCADA communication network can be controlled more securely and the transmission time delay caused by performing the security function that ensures the integrity of DNP data can be minimized.

A Supervisory Control And Data Acquisition (SCADA) system is a system for centralized monitoring and control of remote facility devices. In a SCADA system, which is used especially in the field of power generation and distribution, the status information data of remote devices is collected, received, recorded and displayed at an outstation, which is a remote device, using analog or digital signals on the communication path, and is transmitted to the master, which is the central control system, so that the central control system monitors and controls the remote devices.

In order to protect the communication network of such a SCADA system, Secure Authentication is included in the IEEE 1815 DNP 3.0 standard. Secure authentication is a protocol that changes only the application layer of the existing DNP 3.0 specification to protect DNP data from cyber attacks such as eavesdropping, data forgery, and retransmission (replay) attacks, and adds a security mechanism to guarantee authentication and integrity. DNP 3.0 secure authentication does not provide encryption to maintain the confidentiality of messages, but does provide authentication to ensure the integrity of sensitive messages, such as control commands sent from the master to the outstation. Secure authentication provides a challenge-response authentication mode. The challenge-response mode is the basic authentication mode: as shown in FIG. 1, one side sends an authentication challenge including a random number for authentication, receives an authentication response to it, and verifies that the response is valid.

As described above, in order to protect the SCADA communication network, the IEEE 1815 standard proposes a security standard called secure authentication. However, existing power control systems were developed and are operated without considering security, and because DNP 3.0 secure authentication proposes installing the security function in the master and the outstation of the power control system, it is difficult to apply the security function to a power control system that is already in operation.

First, because DNP 3.0 secure authentication is an application-level protocol, most SCADA systems that are already built do not provide it, and providing the security functions proposed by secure authentication requires replacing the entire existing system with a new one. This requires a large construction cost for security, and there are many problems in practical application, such as interruption of power service supply due to the system replacement.

Second, it is difficult to guarantee the availability of power services. Electric power service is a basic service of modern society, and if there is a problem with stable power supply, it will not only be difficult to maintain basic social activities, but national losses will also result. The most important function of a power control system is to supply stable power service. To this end, current power control systems apply various mechanisms such as system redundancy and communication line redundancy. However, when the security function is installed in the master and the outstation that constitute the power control system, a malfunction of the security function that ensures the integrity of DNP data affects the entire power control system, so the DNP data transmission and reception used to collect power equipment status information and to control the equipment will fail. Ultimately, the DNP data transmission failure makes it difficult to secure the availability of power service, which is the basic function of the power control system.

Another problem with DNP 3.0 secure authentication is one-way data authentication. Substation operation information, such as responses to control commands, measurements, and monitoring data, is important basic information for deciding how to operate power equipment, for example whether to open or close a switch. Therefore, if such operation information is forged and transmitted to the power system server, the system operator may misjudge the current operating state of the power equipment and issue incorrect control commands, which can lead to power supply problems. It is necessary to protect the control commands that directly affect the operation of the power equipment, but as described above, substation operation information such as responses to control commands, measurements, and monitoring data is also important information and therefore also requires protection.

However, the challenge-response authentication scheme presented in DNP 3.0 secure authentication provides only one-way authentication for control commands and no authentication for responses, as shown in FIG.

In addition, since security vulnerabilities of the DNP 3.0 specification itself have been disclosed, it is increasingly possible for an attacker with malicious intent to attack a DNP-based SCADA system using those vulnerabilities, but a conventional SCADA system has no way to detect and block forged DNP messages.

Therefore, it is necessary to develop a DNP security system that ensures the integrity of DNP request and response data while minimizing the cost of replacing and improving the power control system. In addition, the DNP security system should be able to detect and block forged DNP messages, and it should be configured so that, in the event of a malfunction of the security function, DNP request and response data can still be delivered stably with a simple operation.

In this regard, Korean Patent Laid-Open Publication No. 2010-0078584 discloses "a multiple encryption apparatus and method for SCADA communication security".

An object of the present invention is to provide a secure communication apparatus and method for SCADA communication network security that perform two-way data authentication using a secure communication device that generates secure DNP data by applying the offensive mode, which attaches DNP message authentication data corresponding to the DNP standard security policy to the DNP data, and that can thereby control the SCADA communication network more safely and minimize the transmission time delay caused by performing the security function that ensures the integrity of DNP data.

According to an embodiment of the present invention, a secure communication device for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a sub-node of the master includes: a first data receiving unit for receiving, from the master or the outstation, DNP data including a DNP control command or a DNP response; an offensive mode component configured to generate secure DNP data by applying an offensive mode that attaches DNP message authentication data corresponding to a DNP standard security policy to the DNP data; and a first data transmitter for transmitting the DNP data or the secure DNP data to another secure communication device.

The offensive mode configuration unit may generate the DNP message authentication data using a class-specific control session key or class-specific monitoring session key classified according to the DNP control command or the function code of the DNP response.

The offensive mode configuration unit may generate secure DNP data by applying an offensive mode for each frame of the DNP data.

The secure communication device for securing the SCADA communication network may further include a data determination unit that analyzes the function code of the DNP data received by the first data receiving unit to determine whether the DNP data corresponds to critical DNP data related to power supply, delivers the DNP data to the offensive mode configuration unit if the DNP data is critical DNP data, and otherwise delivers the DNP data to the first data transmission unit.

When the DNP data received by the first data receiving unit is DNP data including a DNP control command received from the master, the data determination unit determines whether the DNP control command was received from an authorized SCADA server. If the DNP control command was received from an authorized SCADA server, the data determination unit determines whether the DNP data received by the first data receiver corresponds to the critical DNP data; otherwise, it drops the packet of the DNP data.

The secure communication device for SCADA communication network security may further include: a second data receiving unit for receiving DNP data or secure DNP data from another secure communication device; a secure DNP data verification unit for verifying, when the data received by the second data receiver is secure DNP data, whether the DNP message authentication data attached to the secure DNP data corresponds to the DNP standard security policy; a data reconstruction unit for reconstructing the secure DNP data into the DNP data when the secure DNP data verification unit verifies that the DNP message authentication data corresponds to the DNP standard security policy; and a second data transmitter for transmitting the DNP data received by the second data receiver or the DNP data reconstructed by the data reconstruction unit to the master or the outstation.

The secure communication device for securing the SCADA communication network may further include a control command forgery detection unit that, when the secure DNP data verified by the secure DNP data verification unit is secure DNP data including a DNP control command received from the master, detects whether the secure DNP data is forged based on a control command forgery detection signature database.

According to an embodiment of the present invention, a secure communication method for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a sub-node of the master may include: (a) receiving, by a master secure communication device, DNP control command data including a Distributed Network Protocol (DNP) control command from the master; (b) generating secure DNP control command data by applying an offensive mode that attaches DNP control command authentication data corresponding to a DNP standard security policy to the DNP control command data; and (c) transmitting the DNP control command data or the secure DNP control command data to a slave secure communication device.

The step (b) may include generating the DNP control command authentication data by using a class-specific session key classified according to the function code of the DNP control command.

Step (b) may include generating secure DNP control command data by applying an offensive mode for each frame of the DNP control command data.

The secure communication method for SCADA communication network security may further include (d) analyzing the function code of the DNP control command data received in step (a) to determine whether the DNP control command data corresponds to critical DNP data related to power supply. In this case, when the DNP control command data is critical DNP data, step (b) may be performed; otherwise, step (c) may be performed.

The secure communication method for securing the SCADA communication network may further include (e) determining whether the DNP control command was received from an authorized SCADA server. In this case, if the DNP control command was received from an authorized SCADA server, step (d) may be performed; if not, a step of dropping the packet of the DNP control command data may be performed.

The secure communication method for securing the SCADA communication network may include: (f) receiving, by the slave secure communication device, DNP control command data or secure DNP control command data from the master secure communication device; (g) if the data received in step (f) is secure DNP control command data, verifying whether the DNP control command authentication data attached to the secure DNP control command data corresponds to the DNP standard security policy; (h) reconstructing the secure DNP control command data into the DNP control command data when the DNP control command authentication data is verified to correspond to the DNP standard security policy; and (i) transmitting the DNP control command data received in step (f) or the DNP control command data reconstructed in step (h) to the outstation.

The secure communication method for securing the SCADA communication network may further include (j) detecting forgery of the secure DNP control command data verified in step (g) based on a control command forgery detection signature database. In this case, if the secure DNP control command data is normal, step (h) may be performed, and if forgery is detected, a step of dropping the packet of the secure DNP data may be performed.

According to another embodiment of the present invention, a secure communication method for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a subordinate node of the master may include: (k) receiving, by a slave secure communication device, DNP response data including a Distributed Network Protocol (DNP) response from the outstation; (l) generating secure DNP response data by applying an offensive mode that attaches DNP response authentication data corresponding to a DNP standard security policy to the DNP response data; and (m) transmitting the DNP response data or the secure DNP response data to a master secure communication device.

The step (l) may include generating the DNP response authentication data by using a class-specific monitoring session key classified according to the function code of the DNP response.

The step (l) may include generating secure DNP response data by applying an offensive mode for each frame of the DNP response data.

The secure communication method for securing the SCADA communication network may further include (n) analyzing the function code of the DNP response data received in step (k) to determine whether the DNP response data corresponds to critical DNP data related to power supply. In this case, if the DNP response data is critical DNP data, step (l) may be performed, and if not, step (m) may be performed.

The secure communication method for securing the SCADA communication network may include: (o) receiving, by the master secure communication device, DNP response data or secure DNP response data from the slave secure communication device; (p) if the data received in step (o) is secure DNP response data, verifying whether the DNP response authentication data attached to the secure DNP response data corresponds to the DNP standard security policy; (q) reconstructing the secure DNP response data into the DNP response data when the DNP response authentication data is verified to correspond to the DNP standard security policy; and (r) transmitting the DNP response data received in step (o) or the DNP response data reconstructed in step (q) to the master.

According to an aspect of the present invention, two-way data authentication is performed using a secure communication device that generates secure DNP data by applying an offensive mode that attaches DNP message authentication data corresponding to a DNP standard security policy to DNP data. This makes it possible to provide a secure communication apparatus and method for SCADA communication network security that can control the SCADA communication network more securely and minimize the transmission time delay caused by the security function that ensures the integrity of the DNP data.

FIG. 1 is a protocol flow diagram for a challenge-response scheme, which is a conventional authentication scheme recommended in the DNP standard.
FIG. 2 is a view showing an example of the configuration of the entire system for practicing the present invention.
FIG. 3 is a protocol flow diagram for a method of authenticating and controlling a secure communication device for securing a SCADA communication network using a conventional challenge-response method recommended in the DNP standard.
FIG. 4 is a protocol flowchart for an offensive mode authentication method applied in an embodiment of the present invention.
FIG. 5 is a protocol flowchart of an authentication and control method of a secure communication device for securing a SCADA communication network using an offensive mode applied in an embodiment of the present invention.
FIG. 6 is a block diagram of the configuration of a secure communication device for SCADA communication network security according to an embodiment of the present invention.
FIG. 7 is a block diagram of a configuration of a master secure communication device for securing a SCADA communication network according to an embodiment of the present invention.
FIG. 8 is a block diagram of a configuration of a slave secure communication device for securing a SCADA communication network according to an embodiment of the present invention.
FIG. 9 is a flowchart illustrating an example of a message authentication and control method in a master secure communication device that receives data from a master.
FIG. 10 is a flowchart illustrating an example of a message verification and forgery detection method in a slave secure communication device that receives data from a master secure communication device.
FIG. 11 is a flowchart illustrating an example of a message authentication and control method in a slave secure communication device that receives data from an outstation.
FIG. 12 is a flowchart illustrating an example of a message verification method in a master secure communication device receiving data from a slave secure communication device.

The present invention will now be described in detail with reference to the accompanying drawings. Repeated descriptions, and detailed descriptions of known functions and configurations that may obscure the gist of the present invention, will be omitted. Embodiments of the present invention are provided to more fully describe the present invention to those skilled in the art. Accordingly, the shapes and sizes of the elements in the drawings may be exaggerated for clarity.

FIG. 2 is a view showing an example of the configuration of the entire system for practicing the present invention.

Referring to FIG. 2, a secure communication system for securing a SCADA communication network according to an embodiment of the present invention includes a master 10, an outstation 20 that is a subordinate node of the master 10, and a master secure communication device 110 and a slave secure communication device 120 that provide a DNP data authentication function and a forgery detection function for DNP (Distributed Network Protocol) data transmitted through the SCADA communication network 30 between the master 10 and the outstation 20.

In the secure communication system for SCADA communication network security according to an embodiment of the present invention, when DNP control command data including a DNP control command (request) is transmitted from the master 10 to the master secure communication device 110, the master secure communication device 110 analyzes the DNP control command data and performs message authentication in the offensive mode to generate secure DNP control command data. The generated secure DNP control command data is transmitted to the slave secure communication device 120 through the SCADA communication network 30, and the slave secure communication device 120 performs verification and forgery detection on the secure DNP control command data and then transmits it to the outstation 20.

On the other hand, when DNP response data including a DNP response is transmitted from the outstation 20 to the slave secure communication device 120, the slave secure communication device 120 analyzes the DNP response data and performs message authentication in the offensive mode to generate secure DNP response data. The secure DNP response data is transmitted to the master secure communication device 110 through the SCADA communication network 30, and the master secure communication device 110 performs verification on the secure DNP response data and transmits it to the master 10.

As shown in FIG. 2, the secure communication system for securing a SCADA communication network according to an embodiment of the present invention places separately configured secure communication devices on the SCADA communication network 30 between the master 10 and the outstation 20, which is a sub-node of the master 10, to protect the DNP data transmitted through the SCADA communication network 30, thereby minimizing the changes to the existing power control system that are needed for DNP data protection. In addition, in the secure communication system for SCADA communication network security according to an embodiment of the present invention, even when the security function malfunctions, DNP control commands can be transmitted and received smoothly by a simple operation such as switching the communication line and removing the secure communication device.

However, if the authentication structure of the challenge-response method (see FIG. 1) proposed by the DNP 3.0 secure authentication standard is applied to both the control command and the response in the secure communication system for SCADA communication network security as shown in FIG., problems may occur in the normal operation of the power system; this will be described with reference to FIG. 3.

FIG. 3 is a protocol flow diagram for a method of authenticating and controlling a secure communication device for securing a SCADA communication network using a conventional challenge-response method recommended in the DNP standard.

Referring to FIG. 3, a communication flow is shown for the case in which the authentication structure of the challenge-response method (see FIG. 1) is applied to both the control command and the response in the secure communication system for securing the SCADA communication network described in FIG. 2. Because the security function in this secure communication system is performed by separate secure communication devices, the amount of data transmitted and received, such as authentication challenges and authentication responses, increases, and the procedure for executing a control command on the power equipment and confirming the result becomes too complicated. As a result, the transmission time of the DNP data increases, and in the worst case, even though the power control system receives normal data, the maximum transmission time specified by the system is exceeded and the data is treated as abnormal data.

In order to solve this problem, an authentication method is needed that minimizes the delay caused by applying the challenge-response authentication mode to both the control command and the response in the secure communication system for SCADA communication network security described in FIG. To this end, in one embodiment, the secure communication system for SCADA communication network security can shorten the execution time of the security function by delivering, in the offensive mode, secure DNP data to which the authentication data for ensuring DNP message integrity has been added. The offensive mode will be described with reference to FIG. 4 below.

FIG. 4 is a protocol flowchart for an offensive mode authentication method applied in an embodiment of the present invention.

Referring to FIG. 4, the offensive mode (the mode that the IEEE 1815 standard calls aggressive mode) is an authentication method for eliminating the delays and overhead that occur in the challenge-response mode. In this method, authentication data including the authentication response is attached to the control command data that the master 10 needs to have authenticated, and the two are transmitted together. In the offensive mode, the challenge-response procedure is not performed separately for ordinary message transmission, so less data is transmitted and received and the transmission time delay due to the execution of the security function can be minimized.

FIG. 5 is a protocol flowchart of an authentication and control method of a secure communication device for securing a SCADA communication network using an offensive mode applied in an embodiment of the present invention.

In message authentication and forgery detection in the secure communication device for SCADA communication network security according to an embodiment of the present invention, when DNP control command data arrives from the master 10, the master secure communication device 110 analyzes the DNP control command data and determines, for each SCADA server, whether it is critical DNP data. Critical DNP data is a control command or response related to the power supply, and refers to data that may disrupt the power supply when an error occurs in its transmission. If a control command was issued from an unauthorized SCADA server, the corresponding data packet is dropped even if it is critical DNP data. The packet is also dropped if the control command was received from an authorized SCADA server but does not carry an authorized function code. For critical DNP data composed of an authorized function code from an authorized SCADA server, the master secure communication device 110 constructs secure DNP control command data in the offensive mode, that is, by including DNP message authentication data in the DNP control command data, and transmits it to the slave secure communication device 120 through the SCADA communication network 30. After verifying the DNP message authentication data for the DNP control command data, the slave secure communication device 120 detects whether the DNP control command data is forged based on the control command forgery detection signature database; if the data is normal, it transmits the DNP control command data to the outstation 20, and if forgery is detected, it drops the packet.

On the other hand, when DNP response data for the control command arrives from the outstation 20, the slave secure communication device 120 analyzes the DNP response data and determines, for each SCADA server, whether it is critical DNP data. For critical DNP data of an authorized SCADA server, the slave secure communication device 120 constructs secure DNP response data in the offensive mode, that is, by including DNP message authentication data in the DNP response data, and transmits it to the master secure communication device 110 through the SCADA communication network 30. The master secure communication device 110 verifies the DNP message authentication data for the DNP response data and then transmits the DNP response data to the master 10.
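The FIG. 5 flow described above (authorization check, critical-data classification by function code, offensive-mode tagging with a class-specific session key, verification, forgery-signature check and reconstruction) can be sketched as follows; this is an added example, not code from the patent, and it does not reproduce the IEEE 1815 wire format. Assumptions of the example: HMAC-SHA-256 as the authentication data, a one-byte frame type plus key class and sequence number as the inter-device header, the policy tables, the server address `1`, the signature pattern, and the extra receiver-side check that refuses critical function codes arriving without authentication data.

```python
import hashlib
import hmac
import struct

# DNP3 application-layer function codes (IEEE 1815).
FC_READ, FC_SELECT, FC_OPERATE, FC_DIRECT_OPERATE, FC_RESPONSE = 0x01, 0x03, 0x04, 0x05, 0x81

# Assumed policy tables; the page does not enumerate them.
KEY_CLASS = {FC_SELECT: 1, FC_OPERATE: 1, FC_DIRECT_OPERATE: 1, FC_RESPONSE: 2}  # 1=control, 2=monitoring
ALLOWED_REQUESTS = {FC_READ, FC_SELECT, FC_OPERATE, FC_DIRECT_OPERATE}
PLAIN, SECURE = 0x00, 0x01     # assumed frame-type byte on the link between the two devices
HDR = struct.Struct(">BBI")    # assumed header: frame type, key class, sequence number
TAG_LEN = hashlib.sha256().digest_size


class SecureDevice:
    """One secure communication device (master side or slave side)."""

    def __init__(self, session_keys, authorized_servers=(), forgery_signatures=()):
        self.keys = dict(session_keys)               # key class -> session key
        self.authorized = set(authorized_servers)    # SCADA server addresses allowed to command
        self.signatures = tuple(forgery_signatures)  # byte patterns of known-forged commands
        self.tx_seq = 0
        self.rx_seq = 0

    def _tag(self, key_class, header, fragment):
        return hmac.new(self.keys[key_class], header + fragment, hashlib.sha256).digest()

    def outbound(self, fragment, src=None):
        """DNP fragment from the local master/outstation -> frame for the peer, or None (dropped)."""
        if len(fragment) < 2:
            return None
        fc = fragment[1]  # byte 0 is application control, byte 1 is the function code
        if src is not None and (src not in self.authorized or fc not in ALLOWED_REQUESTS):
            return None   # unauthorized SCADA server or unauthorized function code
        key_class = KEY_CLASS.get(fc)
        if key_class is None:
            return bytes([PLAIN]) + fragment  # non-critical data is forwarded unchanged
        self.tx_seq += 1
        header = HDR.pack(SECURE, key_class, self.tx_seq)
        return header + fragment + self._tag(key_class, header, fragment)

    def inbound(self, frame, is_command=False):
        """Frame from the peer device -> original DNP fragment, or None (dropped)."""
        if len(frame) < 3:
            return None
        if frame[0] == PLAIN:
            # Hardening added by this example: a critical function code must never
            # arrive without authentication data, or stripping the tag would bypass it.
            return None if frame[2] in KEY_CLASS else frame[1:]
        if frame[0] != SECURE or len(frame) < HDR.size + 2 + TAG_LEN:
            return None
        header, fragment, tag = frame[:HDR.size], frame[HDR.size:-TAG_LEN], frame[-TAG_LEN:]
        _, key_class, seq = HDR.unpack(header)
        if key_class not in self.keys or KEY_CLASS.get(fragment[1]) != key_class:
            return None   # wrong key class for this function code
        if not hmac.compare_digest(tag, self._tag(key_class, header, fragment)):
            return None   # authentication data does not verify
        if seq <= self.rx_seq:
            return None   # replayed or reordered frame
        self.rx_seq = seq
        if is_command and any(sig in fragment for sig in self.signatures):
            return None   # matches the control command forgery detection signatures
        return fragment   # reconstructed DNP data for the master/outstation


def run_flow():
    """Drive both directions with constructed fragments and return the outcomes."""
    keys = {1: b"\x11" * 32, 2: b"\x22" * 32}    # constructed session keys
    master_dev = SecureDevice(keys, authorized_servers={1})
    slave_dev = SecureDevice(keys, forgery_signatures=[b"\xde\xad"])
    operate = bytes.fromhex("c3040c0128010000")  # constructed OPERATE request
    read = bytes.fromhex("c0013c0206")           # constructed READ request
    response = bytes.fromhex("c3810000")         # constructed RESPONSE

    out = {}
    frame = master_dev.outbound(operate, src=1)
    out["delivered"] = slave_dev.inbound(frame, is_command=True) == operate
    out["replay_dropped"] = slave_dev.inbound(frame, is_command=True) is None
    fresh = bytearray(master_dev.outbound(operate, src=1))
    fresh[HDR.size + 2] ^= 0x01                  # modify one byte in transit
    out["tamper_dropped"] = slave_dev.inbound(bytes(fresh), is_command=True) is None
    out["unauthorized_dropped"] = master_dev.outbound(operate, src=9) is None
    out["read_passes_plain"] = slave_dev.inbound(master_dev.outbound(read, src=1), True) == read
    out["downgrade_dropped"] = slave_dev.inbound(bytes([PLAIN]) + operate, True) is None
    forged = master_dev.outbound(operate + b"\xde\xad", src=1)
    out["signature_dropped"] = slave_dev.inbound(forged, is_command=True) is None
    reply = slave_dev.outbound(response)
    out["response_delivered"] = master_dev.inbound(reply) == response
    return out


if __name__ == "__main__":
    for name, ok in run_flow().items():
        print(f"{name}: {ok}")
```

Each critical message costs one frame in each direction here, with no separate challenge and response exchange, which is the latency argument the description makes for the offensive mode.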

FIG. 6 is a block diagram of the configuration of a secure communication device for SCADA communication network security according to an embodiment of the present invention.

Referring to FIG. 6, the secure communication apparatus 100 for SCADA communication network security according to an embodiment of the present invention may include a first data receiver 101, a data determiner 102, an offensive mode component 103, A first data transmitter 104, a second data receiver 105, a secure DNP data verification unit 106, a control command forgery detection unit 107, a data reconstruction unit 108, and a second data transmitter 109. Can be configured. The secure communication apparatus 100 for SCADA communication network security shown in FIG. 6 is according to an embodiment, and its components are not limited to the embodiment shown in FIG. 6, and some components may be added as necessary. , Can be changed or deleted.

The first data receiver 101 receives DNP data including a DNP control command or a DNP response from the master 10 or the out station 20. That is, when the secure communication device 100 is a master secure communication device, the DNP data is received from the master 10, and when the secure communication device 100 is a slave secure communication device, the DNP is received from the outstation 20. Receive data.

The data determining unit 102 analyzes the function code of the DNP data received by the first data receiving unit 101 to determine whether the DNP data corresponds to the critical DNP data related to power supply, and the DNP data is the critical DNP. In the case of data, the DNP data is transmitted to the offensive mode configuration unit 103, and otherwise, the DNP data is transmitted to the first data transmission unit 104. The function code of the DNP data is a code that records the function of the corresponding DNP data. The function of the DNP data can be used to find out the influence of the corresponding DNP data on the power supply. Can be.

In addition, when the DNP data received by the first data receiver 101 includes a DNP control command received from the master 10, the data determination unit 102 determines whether the DNP control command was received from an authorized SCADA server. If the DNP control command was received from an authorized SCADA server, the unit determines whether the received DNP data is critical DNP data; otherwise, the packet of the DNP data can be dropped.

The offensive mode configuration unit 103 generates secure DNP data by applying the offensive mode of attaching DNP message authentication data corresponding to the DNP standard security policy to the DNP data. At this time, the offensive mode configuration unit 103 may generate the DNP message authentication data using a class-specific control session key or class-specific monitoring session key classified according to the DNP control command or the function code of the DNP response. In addition, the offensive mode configuration unit 103 may generate the secure DNP data by applying the offensive mode for each frame of the DNP data.

The first data transmitter 104 transmits the DNP data or the secure DNP data to another secure communication device 100'. That is, when the secure communication device 100 is a master secure communication device, it transmits the DNP data or the secure DNP data to a slave secure communication device, and when the secure communication device 100 is a slave secure communication device, it transmits the DNP data or the secure DNP data to a master secure communication device. In this case, the first data transmitter 104 may transmit the DNP data or the secure DNP data to the other secure communication device 100' through a SCADA communication network.

The second data receiver 105 receives the DNP data or the secure DNP data from another secure communication device. That is, when the secure communication device 100 is a slave secure communication device, it receives the DNP data or the secure DNP data from a master secure communication device, and when the secure communication device 100 is a master secure communication device, it receives the DNP data or the secure DNP data from a slave secure communication device.

When the data received by the second data receiver 105 is secure DNP data, the secure DNP data verification unit 106 verifies whether the DNP message authentication data attached to the secure DNP data corresponds to the DNP standard security policy.

When the secure DNP data verified by the secure DNP data verification unit 106 includes a DNP control command received from the master 10, the control command forgery detection unit 107 detects whether the secure DNP data is forged, based on a control command forgery detection signature database. If the data is normal, the unit passes the secure DNP data to the data reconstruction unit 108; if forgery is detected, it drops the packet of the secure DNP data. The control command forgery detection signature database records vulnerabilities in the DNP data link and application layers so that illegal commands, tampering attacks, and forgeries of the DNP data can be detected.

The data reconstruction unit 108 reconstructs the secure DNP data into the DNP data when the secure DNP data verification unit 106 verifies that the DNP message authentication data corresponds to the DNP standard security policy.

The second data transmitter 109 transmits the DNP data received by the second data receiver 105, or the DNP data reconstructed by the data reconstruction unit 108, to the master 10 or the outstation 20. That is, when the secure communication device 100 is a master secure communication device, the DNP data is transmitted to the master 10, and when the secure communication device 100 is a slave secure communication device, the DNP data is transmitted to the outstation 20.

FIG. 7 is a block diagram of a configuration of a master secure communication device for securing a SCADA communication network according to an embodiment of the present invention.

Referring to FIG. 7, a master secure communication device 110 for securing a SCADA communication network according to an embodiment of the present invention is connected to a master 10 and a slave secure communication device 120. The master secure communication device 110 may include a first data receiver 111, a data determination unit 112, an offensive mode configuration unit 113, a first data transmitter 114, a second data receiver 115, a secure DNP data verification unit 116, a data reconstruction unit 118, and a second data transmitter 119. The master secure communication device 100 for securing the SCADA communication network shown in FIG. 7 is one embodiment; its components are not limited to those shown in FIG. 7, and components may be added, changed, or deleted as necessary.

As FIG. 7 shows, the master secure communication device 110 according to an embodiment of the present invention does not include a control command forgery detection unit. Forgery of the DNP control command data is detected by the slave secure communication device 120, so the master secure communication device 110 does not need to perform the same detection a second time.

FIG. 8 is a block diagram of a configuration of a slave secure communication device for securing a SCADA communication network according to an embodiment of the present invention.

Referring to FIG. 8, a slave secure communication device 120 for securing a SCADA communication network according to an embodiment of the present invention is connected to a master secure communication device 110 and an outstation 20. The slave secure communication device 120 may include a first data receiver 121, a data determination unit 122, an offensive mode configuration unit 123, a first data transmitter 124, a second data receiver 125, a secure DNP data verification unit 126, a control command forgery detection unit 127, a data reconstruction unit 128, and a second data transmitter 129. The slave secure communication device 120 shown in FIG. 8 is one embodiment; its components are not limited to those shown in FIG. 8, and components may be added, changed, or deleted as necessary.

The data determination unit 122 of the slave secure communication device 120 does not determine whether the DNP data was received from an authorized SCADA server. The master secure communication device 110 already drops packets of DNP data that carry a control command from an unauthorized SCADA server, so the slave secure communication device 120 does not need to repeat that check.

FIG. 9 is a flowchart illustrating an example of a message authentication and control method in a master secure communication device that receives data from a master.

Referring to FIG. 9, when the master secure communication device 110 receives DNP control command data including a DNP control command from the master 10 through TCP/IP (S100), it analyzes the DNP control command data (S110) and determines whether the DNP control command was received from an authorized SCADA server (S120). If the DNP control command was received from an authorized SCADA server, it is determined whether the DNP control command data is critical DNP data related to power supply (S130); otherwise, the packet of the DNP control command data is dropped (S160). If the DNP control command data is critical DNP data in step S130, secure DNP control command data is generated by applying the offensive mode for each frame (S140). In step S140, the secure DNP control command data may be constructed by generating a MAC (Message Authentication Code) over the DNP control command data as authentication data, using the class-specific control session key, and then appending the authentication data after the DNP control command data. The secure DNP control command data generated in step S140 is transmitted to the slave secure communication device 120 (S150). If the DNP control command data is not critical DNP data in step S130, the original DNP control command data is transmitted to the slave secure communication device 120 without authentication data being added (S150).

FIG. 10 is a flowchart illustrating an example of a message verification and forgery detection method in a slave secure communication device that receives data from a master secure communication device.

Referring to FIG. 10, when the slave secure communication device 120 receives DNP control command data or secure DNP control command data from the master secure communication device 110 through the SCADA communication network 30 (S200), it determines whether the data is secure DNP control command data (offensive mode DNP control command data) or general DNP control command data (S210). For secure DNP control command data constructed in the offensive mode, the message authentication value of the secure DNP control command data is verified using the class-specific control session key (S220). That is, step S220 verifies whether the DNP control command authentication data attached to the secure DNP control command data corresponds to the DNP standard security policy.

When the secure DNP control command data has been verified, or when the data is general DNP control command data, the data is analyzed to detect forgery and attacks (S230), using the control command forgery detection signature database. It is then determined from the detection result whether the data is forged (S240). If the data is not normal, the packet is dropped and a warning is generated (S260); if it is normal, the secure DNP control command data is reconstructed into the DNP control command data (S250) and the DNP control command data is transmitted to the outstation 20 (S270).

FIG. 11 is a flowchart illustrating an example of a message authentication and control method in a slave secure communication device that receives data from an outstation.

Referring to FIG. 11, when the slave secure communication device 120 receives DNP response data including a DNP response from the outstation 20 (S300), it analyzes the DNP response data (S310) and determines whether it is critical DNP data (S320). Because the master secure communication device 110 already drops packets that carry control commands from unauthorized servers, the slave secure communication device 120 determines only whether the data is critical DNP data.

If the DNP response data is critical DNP data in step S320, secure DNP response data is generated by applying the offensive mode for each frame (S330). In step S330, the secure DNP response data may be constructed by generating a MAC over the DNP response data as authentication data, using the class-specific monitoring session key, and then appending the authentication data after the DNP response data. The secure DNP response data generated in step S330 is then transmitted to the master secure communication device 110 (S340). If the DNP response data is not critical DNP data in step S320, the original DNP response data is transmitted to the master secure communication device 110 without authentication data being added (S340).

FIG. 12 is a flowchart illustrating an example of a message verification method in a master secure communication device receiving data from a slave secure communication device.

Referring to FIG. 12, when the master secure communication device 110 receives DNP response data or secure DNP response data from the slave secure communication device 120 through the SCADA communication network 30 (S400), it determines whether the data is secure DNP response data (offensive mode DNP response data) or general DNP control command data (S410). For secure DNP response data constructed in the offensive mode, the message authentication value of the secure DNP response data is verified using the class-specific monitoring session key (S420). That is, step S420 verifies whether the DNP response authentication data attached to the secure DNP response data corresponds to the DNP standard security policy.

When the secure DNP response data is verified, the secure DNP response data is reconstructed into the DNP response data (S430), and the DNP response data is transmitted to the master 10 (S440). Here, since the forgery detection for the control command is made in the slave secure communication device 120, the master secure communication device 110 uses only the verification of the control command response and does not use the detection for the forgery attack.
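The four flows of FIG. 9 to FIG. 12, as an added Python sketch that is not code from the patent: the sending side checks the source, classifies by function code and appends a MAC keyed per class, and the receiving side verifies, applies a forgery rule and strips the MAC. The one-byte envelope tag, the truncated HMAC-SHA256 MAC, the key table, the set of critical function codes, the server address and the single rule standing in for the signature database are all assumptions made for illustration, and the wire format is not that of the DNP standard.

```python
import hashlib
import hmac

# Constructed values for illustration; none of them come from the patent.
AUTHORIZED_SERVERS = {"192.0.2.10"}  # SCADA servers allowed to send commands
MAC_LEN = 16                         # assumed MAC: truncated HMAC-SHA256
PLAIN, SECURE = 0x00, 0x01           # assumed gateway-to-gateway envelope tag

# DNP3 function code -> (key purpose, class) for codes treated as critical.
CRITICAL = {
    0x03: ("control", 1),     # SELECT
    0x04: ("control", 1),     # OPERATE
    0x05: ("control", 1),     # DIRECT_OPERATE
    0x0D: ("control", 2),     # COLD_RESTART
    0x81: ("monitoring", 1),  # RESPONSE
}
SESSION_KEYS = {  # one session key per (purpose, class); constructed bytes
    ("control", 1): b"constructed-control-class-1-key",
    ("control", 2): b"constructed-control-class-2-key",
    ("monitoring", 1): b"constructed-monitoring-class-1-key",
}


def function_code(fragment):
    """The function code is the second octet of a DNP3 application fragment."""
    if len(fragment) < 2:
        raise ValueError("fragment too short to carry a function code")
    return fragment[1]


def _mac(fragment):
    """MAC over the whole fragment, keyed by the function code's class."""
    key = SESSION_KEYS[CRITICAL[function_code(fragment)]]
    return hmac.new(key, fragment, hashlib.sha256).digest()[:MAC_LEN]


def protect(fragment, source_ip=None):
    """Sending side (S100-S160, S300-S340); returns None when dropped."""
    if source_ip is not None and source_ip not in AUTHORIZED_SERVERS:
        return None  # command from an unauthorized SCADA server
    if function_code(fragment) in CRITICAL:
        return bytes([SECURE]) + fragment + _mac(fragment)
    return bytes([PLAIN]) + fragment  # non-critical data passes unchanged


def forged(fragment, was_secure):
    """Single constructed rule standing in for the signature database:
    a critical function code that arrives without authentication data."""
    return function_code(fragment) in CRITICAL and not was_secure


def accept(envelope, check_forgery=True):
    """Receiving side (S200-S270, S400-S440); returns the original fragment,
    or None when the packet is dropped."""
    if len(envelope) < 3:
        return None
    tag, body = envelope[0], envelope[1:]
    if tag == SECURE:
        if len(body) < 2 + MAC_LEN:
            return None
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if function_code(fragment) not in CRITICAL:
            return None  # no key class exists for this function code
        if not hmac.compare_digest(mac, _mac(fragment)):
            return None  # authentication data does not verify
    elif tag == PLAIN:
        fragment = body
    else:
        return None
    if check_forgery and forged(fragment, tag == SECURE):
        return None
    return fragment  # reconstructed DNP data, authentication data removed


# Constructed sample fragments: application control octet, function code, objects.
OPERATE = bytes.fromhex("c1 04 0c 01 17 01 00 03 01 64 00 00 00 64 00 00 00 00")
READ = bytes.fromhex("c0 01 3c 01 06")
RESPONSE = bytes.fromhex("c1 81 00 00")
```

The master-side receiver of FIG. 12 corresponds to `accept(..., check_forgery=False)`, since forgery detection runs only on the slave side. In this sketch the rule in `forged` is what rejects a critical command that arrives without a MAC.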

The aforementioned secure communication method for securing the SCADA communication network has been described with reference to the flowcharts shown in the drawings. While the method has been shown and described as a series of blocks for simplicity, it is to be understood that the invention is not limited to the order of the blocks: some blocks may occur in a different order from that shown and described herein, and various other branches, flow paths, and sequences of blocks that achieve the same or similar results may be implemented. Also, not all illustrated blocks may be required for implementation of the methods described herein.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is clearly understood that the same is by way of illustration and example only and is not to be taken as limitations. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

10 master
100 secure communication devices
110 Master Secure Communication Device
120 Slave Secure Communication Device
20 slave
30 SCADA Communication Network

Claims (19)

1. A secure communication device for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a subnode of the master, comprising:
a first data receiver configured to receive DNP data including a DNP control command or a DNP response from the master or the outstation;
an offensive mode configuration unit configured to generate secure DNP data by applying an offensive mode that attaches DNP message authentication data corresponding to a DNP standard security policy to the DNP data; and
a first data transmitter for transmitting the DNP data or the secure DNP data to another secure communication device.

2. The secure communication device for SCADA communication network security according to claim 1, wherein the offensive mode configuration unit generates the DNP message authentication data using a class-specific control session key or a class-specific monitoring session key classified according to the function code of the DNP control command or the DNP response.

3. The secure communication device for SCADA communication network security according to claim 1, wherein the offensive mode configuration unit generates the secure DNP data by applying the offensive mode for each frame of the DNP data.

4. The secure communication device for SCADA communication network security according to claim 1, further comprising a data determination unit configured to analyze the function code of the DNP data received by the first data receiver to determine whether the DNP data corresponds to critical DNP data related to power supply, to transmit the DNP data to the offensive mode configuration unit when the DNP data is critical DNP data, and otherwise to transmit the DNP data to the first data transmitter.

5. The secure communication device for SCADA communication network security according to claim 4, wherein, when the DNP data received by the first data receiver is DNP data including a DNP control command received from the master, the data determination unit determines whether the DNP control command is received from an authorized SCADA server, determines whether the DNP data received by the first data receiver corresponds to the critical DNP data if the DNP control command is received from an authorized SCADA server, and otherwise drops the packet of the DNP data.

6. The secure communication device for SCADA communication network security according to claim 1, further comprising:
a second data receiver for receiving DNP data or secure DNP data from another secure communication device;
a secure DNP data verification unit verifying whether the DNP message authentication data attached to the secure DNP data corresponds to the DNP standard security policy when the data received by the second data receiver is secure DNP data;
a data reconstruction unit reconstructing the secure DNP data into the DNP data when the DNP message authentication data is verified by the secure DNP data verification unit to correspond to the DNP standard security policy; and
a second data transmitter for transmitting the DNP data received from the second data receiver or the DNP data reconstructed by the data reconstruction unit to the master or the outstation.

7. The secure communication device for SCADA communication network security according to claim 6, further comprising a control command forgery detection unit which, when the secure DNP data verified by the secure DNP data verification unit is secure DNP data including a DNP control command received from the master, detects whether the secure DNP data is forged based on a control command forgery detection signature database, delivers the secure DNP data to the data reconstruction unit if it is normal, and drops the packet of the secure DNP data if forgery is detected.

8. A secure communication method for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a subnode of the master, comprising:
(a) a master secure communication device receiving DNP control command data including a Distributed Network Protocol (DNP) control command from the master;
(b) generating secure DNP control command data by applying an offensive mode to attach DNP control command authentication data corresponding to a DNP standard security policy to the DNP control command data; and
(c) transmitting the DNP control command data or the secure DNP control command data to a slave secure communication device.

9. The secure communication method for SCADA communication network security according to claim 8, wherein step (b) generates the DNP control command authentication data using a class-specific control session key classified according to the function code of the DNP control command.

10. The secure communication method for SCADA communication network security according to claim 8, wherein step (b) generates the secure DNP control command data by applying the offensive mode for each frame of the DNP control command data.

11. The secure communication method for SCADA communication network security according to claim 8, further comprising:
(d) analyzing the function code of the DNP control command data received in step (a) and determining whether the DNP control command data corresponds to critical DNP data related to power supply,
wherein step (b) is performed if the DNP control command data is critical DNP data, and step (c) is performed otherwise.

12. The secure communication method for SCADA communication network security according to claim 11, further comprising:
(e) determining whether the DNP control command is received from an authorized SCADA server,
wherein step (d) is performed if the DNP control command is received from an authorized SCADA server, and the packet of the DNP control command data is dropped otherwise.

13. The secure communication method for SCADA communication network security according to claim 8, further comprising:
(f) the slave secure communication device receiving DNP control command data or secure DNP control command data from the master secure communication device;
(g) if the data received in step (f) is secure DNP control command data, verifying whether the DNP control command authentication data attached to the secure DNP control command data corresponds to the DNP standard security policy;
(h) reconstructing the secure DNP control command data into the DNP control command data when the DNP control command authentication data is verified to correspond to the DNP standard security policy; and
(i) transmitting the DNP control command data received in step (f) or the DNP control command data reconstructed in step (h) to the outstation.

14. The secure communication method for SCADA communication network security according to claim 13, further comprising:
(j) detecting whether the secure DNP control command data verified in step (g) is forged, based on a control command forgery detection signature database,
wherein step (h) is performed if the secure DNP control command data is normal, and a packet of the secure DNP data is dropped if forgery is detected.

15. A secure communication method for securing a Supervisory Control And Data Acquisition (SCADA) communication network between a master and an outstation that is a subnode of the master, comprising:
(k) receiving, by a slave secure communication device, DNP response data including a Distributed Network Protocol (DNP) response from the outstation;
(l) generating secure DNP response data by applying an offensive mode to attach DNP response authentication data corresponding to a DNP standard security policy to the DNP response data; and
(m) transmitting the DNP response data or the secure DNP response data to a master secure communication device.

16. The secure communication method for SCADA communication network security according to claim 15, wherein step (l) generates the DNP response authentication data using a class-specific monitoring session key classified according to the function code of the DNP response.

17. The secure communication method for SCADA communication network security according to claim 15, wherein step (l) generates the secure DNP response data by applying the offensive mode for each frame of the DNP response data.

18. The secure communication method for SCADA communication network security according to claim 15, further comprising:
(n) analyzing the function code of the DNP response data received in step (k) to determine whether the DNP response data corresponds to critical DNP data related to power supply,
wherein step (l) is performed if the DNP response data is critical DNP data, and step (m) is performed otherwise.

19. The secure communication method for SCADA communication network security according to claim 15, further comprising:
(o) the master secure communication device receiving DNP response data or secure DNP response data from the slave secure communication device;
(p) if the data received in step (o) is secure DNP response data, verifying whether the DNP response authentication data attached to the secure DNP response data corresponds to the DNP standard security policy;
(q) reconstructing the secure DNP response data into the DNP response data when the DNP response authentication data is verified to correspond to the DNP standard security policy; and
(r) transmitting the DNP response data received in step (o) or the DNP response data reconstructed in step (q) to the master.

KR1020120105705A 2012-09-24 2012-09-24 Secure communication apparatus and method for securing SCADA communication network KR102018064B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020120105705A KR102018064B1 (en) 2012-09-24 2012-09-24 Secure communication apparatus and method for securing SCADA communication network

Publications (2)

Publication Number Publication Date
KR20140043537A (en) 2014-04-10
KR102018064B1 (en) 2019-09-05

Family

ID=50651986

Country Status (1)

Country Link
KR (1) KR102018064B1 (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant