International Journal of Scientific & Technology Research



IJSTR, Volume 9, Issue 3, March 2020 Edition


Website: http://www.ijstr.org

ISSN 2277-8616

Security Vulnerabilities of SCADA Communication Protocols




Rajesh L, P Satyanarayana



Communication Protocol, Cyber Security, Industrial Control Systems, MODBUS, PLC, RTU, SCADA Systems.



SCADA systems play a key role in Industrial Control Systems for monitoring and remotely controlling process plants such as oil and gas refineries, nuclear power plants, power generation and manufacturing industries. These systems share sensor data with the outside world through the internet and corporate networks, which opens the door to cyber security attacks. Communication protocols run in SCADA systems to continually transfer sensor data to SCADA servers and vice versa. MODBUS is one of the most widely used protocols in SCADA systems. In this paper, we review the security of SCADA systems and their communication protocols and propose methods to enhance the security of these protocols.


