Munir Majdalawieh

Security Framework for Dnp3 and Scada: New Dnpsec Framework to Enable Cia Placed Directly Indnp3, Simulation Study, and Enable Authorizationservices by the Usage of Rbac in Scada Munir Majdalawieh

In this work I recommend a new DNPSec framework toenable confidentiality, integrity, and authenticity(CIA) placed directly in the DNP3. Such a frameworkrequires some modifications in the data structure ofthe DNP3 Data Link layer. My main goal is to addressthe threats related to CIA in the DNP3 as part ofSCADA architecture, with a minimum performance impacton the communication link; and without requiringmodification to the much more expensive Master andSubstation devices and the applications supportingthem. Also, and as part of this work, I develop aproof of concept for the DNPSec framework byconducting simulation studies to measure theperformance impact by adding DNPSec functionality onthe communication links and end nodes. One otherrecommendation in my work is to enable authorizationservices by the usage of the Role-Based AccessControl (RBAC) model to define the users? securityroles, permissions, authorization, and role hierarchyas one measure to access the SCADA system. Achievingthe desired level of authorization and access controlwill involve integrating the security system withSCADA operations and building RBAC capabilities inthe application level.