Description

In this work I recommend a new DNPSec framework to enable con-fidentiality, integrity, and authenticity (CIA) placed directly in the DNP3. Such a framework requires some modifications in the data structure of the DNP3 Data Link layer. My main goal is to address the threats related to CIA in the DNP3 as part of SCADA architecture, with a minimum performance impact on the communication link; and without requiring modification to the much more expensive Master and Substation devices and the applications supporting them. Also, and as part of this work, I develop a proof of concept for the DNPSec framework by conducting simulation studies to measure the performance impact by adding DNPSec functionality on the communication links and end nodes. One other recommendation in my work is to enable authorization services by the usage of the Role-Based Access Control (RBAC) model to define the users' security roles, permissions, authorization, and role hierarchy as one measure to access the SCADA system. Achieving the desired level of authorization and access control will involve integrating the security system with SCADA operations and building RBAC capabilities in the application level.