Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol

摘要

Traditionally supervisory control and data acquisition (SCADA) networks were physically isolated, providing some inherent level of security; yet, as these networks slowly converged with both corporate intranets and the Internet, their security continually eroded. The gradual evolution of SCADA systems has introduced many novel and previously unknown security risks. During the advent of SCADA technologies, a heavy focus was put on providing system robustness, safety, and reliability. Because of this, widely deployed SCADA protocols like Modbus and DNP3 provide no inherent security controls. In this paper, we will propose a novel Modbus alternative capable of providing secure, backward-compatible Modbus message transmission using stream control transmission protocol and hash-based message authentication code technologies. This proposed protocol improvement ensures the availability and integrity of Modbus messages while providing a robust and secure mutual authentication mechanism. Improvements upon the legacy Modbus protocol aim to mitigate common SCADA protocol attack vectors.