Read the book SCADA Security - Xun Yi - Page 28

2.1.3 Protocols


There are over 150 protocols in use in SCADA systems (Igure et al., 2006), but only a small group is widely used. Modbus (IDA, 2004) and DNP3 (Majdalawieh et al., 2006) are examples of such well-known protocols. The communication protocol is the main security weakness of a SCADA system and the point at which it can most easily be attacked. Firstly, when the communication protocols were initially proposed for SCADA networks, the focus was on efficiency and effectiveness, without consideration of the security issues they might face in the future. As security concerns became critical, security researchers found that the issue was not easy to address: one reason is that upgrading or replacing a vital SCADA network in an old industrial system can halt production. Secondly, most original SCADA systems were isolated from other corporate networks, so a large number of communication layers and protocols were designed independently, including GE Fanuc, Siemens Sinaut, Toshiba, Modbus RTU/ASCII, Allen Bradley DF1/DH, and other vendor protocols.


Figure 2.3 Third‐generation SCADA architecture.

Modbus is a widely used industrial protocol that works at the application level and ensures that data delivery is carried out correctly between devices connected on different kinds of buses or networks. Modbus devices adopt a client/server approach, in which the Modbus slave device represents the server side and the Modbus master device represents the client side of the communication model. Only the master (client) initiates communication, while the slave (server) listens for requests from the master in order to supply the requested data or execute the requested action. Modbus is therefore a request/reply protocol, and it has been used by millions of automation devices as the industry's de facto serial communication standard since 1979. More recently, the protocol has been integrated with TCP/IP in a variant called Modbus/TCP, which uses TCP/IP as its transport and network protocols (Modbus Organization, 2020).


Figure 2.4 The Modbus frame.

Figure 2.4 shows two modes of the Modbus protocol, namely Modbus RTU and Modbus TCP/IP. The former is the most common implementation and uses binary coding and CRC error checking. Each message in this mode must be transmitted continuously, without inter-character gaps, and is framed by idle (silent) periods. As seen in the figure, the Modbus PDU consists of the Function Code field and the Data payload. The server, which listens for any request from the client device, performs actions according to the function codes defined in the protocol specification. The latter mode is simply the Modbus RTU protocol with a TCP interface: it runs on Ethernet and carries the same Modbus message structure between compatible devices, allowing them to communicate over a network. As shown in Figure 2.4, the standard Modbus data frame is embedded in a TCP frame without the Modbus checksum, because the standard Ethernet and TCP/IP link-layer checksum methods are used to check data integrity.
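The two framings described above, together with the client/server request model from the preceding paragraph, as an added worked example in Python. This is not code from the book or from the Modbus Organization; it builds and parses a Modbus RTU frame with its CRC-16, then re-encapsulates the same PDU in a Modbus/TCP frame with the 7-byte MBAP header and no Modbus checksum, and labels the function code the way a passive monitor would. The sample request (unit 1, Read Holding Registers, address 0, quantity 2) and the transaction id are constructed values.

```python
import struct

# Public function codes from the Modbus Application Protocol specification,
# grouped so a monitor can tell reads from writes.
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


def modbus_crc16(data: bytes) -> int:
    """CRC-16/Modbus: init 0xFFFF, reflected polynomial 0xA001, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0xA001
            else:
                crc >>= 1
    return crc


def build_pdu(function_code: int, data: bytes) -> bytes:
    """The transport-independent PDU: one function-code byte followed by the data payload."""
    return bytes([function_code]) + data


def build_rtu_frame(unit_id: int, pdu: bytes) -> bytes:
    """RTU ADU = unit (slave) address + PDU + CRC-16, CRC sent low byte first."""
    body = bytes([unit_id]) + pdu
    return body + struct.pack("<H", modbus_crc16(body))


def rtu_crc_ok(frame: bytes) -> bool:
    """True if the trailing CRC matches the frame body (a monitor's cheapest integrity check)."""
    return len(frame) >= 4 and modbus_crc16(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


def parse_rtu_frame(frame: bytes) -> dict:
    """Split an RTU frame into address and PDU fields; reject frames whose CRC does not match."""
    if len(frame) < 4:  # address + function code + 2-byte CRC is the minimum
        raise ValueError("RTU frame too short")
    if not rtu_crc_ok(frame):
        raise ValueError("RTU CRC mismatch")
    body = frame[:-2]
    return {"unit_id": body[0], "function_code": body[1], "data": body[2:]}


def build_tcp_frame(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Modbus/TCP ADU = 7-byte MBAP header + PDU; there is no Modbus checksum."""
    length = 1 + len(pdu)  # bytes that follow the length field: unit id + PDU
    mbap = struct.pack(">HHHB", transaction_id, 0, length, unit_id)  # protocol id 0 = Modbus
    return mbap + pdu


def parse_tcp_frame(frame: bytes) -> dict:
    """Validate the MBAP header and return the fields plus the embedded PDU."""
    if len(frame) < 8:  # MBAP header + at least a function code
        raise ValueError("Modbus/TCP frame too short")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("not a Modbus protocol id")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    pdu = frame[7:]
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function_code": pdu[0], "data": pdu[1:]}


def rtu_to_tcp(rtu_frame: bytes, transaction_id: int) -> bytes:
    """Re-encapsulate a CRC-checked RTU frame as Modbus/TCP; the PDU is carried unchanged."""
    fields = parse_rtu_frame(rtu_frame)
    pdu = build_pdu(fields["function_code"], fields["data"])
    return build_tcp_frame(transaction_id, fields["unit_id"], pdu)


def describe_function(function_code: int) -> str:
    """Label a function code for monitoring: read, write, exception response, or other."""
    if function_code & 0x80:  # exception responses echo the request code with the high bit set
        return f"exception response to function 0x{function_code & 0x7F:02X}"
    if function_code in READ_FUNCTIONS:
        return f"read: {READ_FUNCTIONS[function_code]}"
    if function_code in WRITE_FUNCTIONS:
        return f"write: {WRITE_FUNCTIONS[function_code]}"
    return f"other function 0x{function_code:02X}"


if __name__ == "__main__":
    # Constructed sample request: unit 1, Read Holding Registers (0x03),
    # starting address 0, quantity 2.
    pdu = build_pdu(0x03, struct.pack(">HH", 0x0000, 0x0002))
    rtu = build_rtu_frame(1, pdu)
    print("RTU frame     :", rtu.hex(" "))
    tcp = rtu_to_tcp(rtu, transaction_id=1)
    print("Modbus/TCP ADU:", tcp.hex(" "))
    print(describe_function(parse_tcp_frame(tcp)["function_code"]))
```

Running the block shows the same five PDU bytes in both encodings, with the CRC present only in the RTU frame. Neither the CRC nor the TCP checksum says anything about who sent the request; both detect transmission errors only, which is why a monitor that parses these frames should classify the function code (read versus write) rather than treat a valid checksum as a sign of a legitimate command.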

