|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Vulnerabilities assessment for industrial protocols
Zahradník, Jiří ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
Thesis deals with testing of selected vulnerabilities from the IEC 61850 standard and following design of mitigation measures for selected vulnerabilities. Author simulated vulnerabilities of the GOOSE protocol, NTP attack and attack ona MMS client. Those attacks were GOOSE stNum, GOOSE semantic, GOOSE test bit,GOOSE replay, GOOSE flood, NTP spoofing and MMS password capture. Attacks on protocols GOOSE and MMS were successful, attack on NTP was only partially successful since the device confirmed receiving spoofed time, however it did not change it’s inner clock. Author then designed possible mitigation measures. Tool for automatic testing of selected vulnerabilities, parser for the GOOSE protocol and lightweight multiplatform parser for configuration files were created as well.The outcome of this thesis allows the implementation of lager scale tool for penetration testing of industrial networks as well as it allows implementation of discussed mitigation measures.
|
|
|
Energy protocol recognition using artificial intelligence
Racka, Jan ; Holasová, Eva (referee) ; Bohačík, Antonín (advisor)
The master's thesis focuses on classification of secure network traffic of energy protocols using convolutional neural network. The theoretical part discusses the issues of neural networks and their use in network traffic classification. In addition, the energy protocols Modbus, IEC 104, TASE.2, DNP3, GOOSE, SMV, MMS, and the standard DLMS/COSEM are analyzed, including their security. In the subsequent practical part, a convolutional neural network is implemented to recognize the mentioned protocols in their secured versions. Unsecured traffic records from publicly available repositories and from traffic simulators of the mentioned protocols, and captured data in an energy polygon were used to train the neural network. TLS and GOOSE convertotrs were developed to obtain secured traffic, which ensured that the protocols using same security mechanisms were secured uniformly. The resulting secured traffic was preprocessed into a two-dimensional format and was presented as input to the neural network for learning. The input image was created from the application parts of packets of the energy protocol session and formatted to the 28 × 28 byte image. The resulting network accuracy on the test data was 95,75 %. Furthermore, the network was tested on real traffic in an energy polygon, where it correctly recognized several protocols. A classifier for the operational state of a station that communicates using IEC 104 secured with TLS was developed as part of a partial objective of the thesis. The task of the classifier was to recognize, using encrypted messages, the state of the tested station. The classifier consisted of a convolutional neural network, which were usinga two-dimensional image consisting of information from a sequence of five consecutive packets as input. The information consisted of the interarrival time between packets, the length of the TLS encrypted application data, and the encrypted application data up to size 64 B. To obtain enough data to train the convolutional network, a simulator of characteristic messages for each state was developed. The classifier showed an accuracy of 43,05 % on the test data after the learning phase. Next, the classifier underwent testing on the test stations, where it was able to distinguish normal state of the state from events, but could not distinguish certain events of similar nature from each other.
|
|
|
Cyber security for power engineering
Sedláková, Dáša ; Kohout, David (referee) ; Mlýnek, Petr (advisor)
Due to the IT and OT networks convergence, industrial systems are becoming vulnerable to different forms of security threats including rapidly growing cyber-attacks. Thesis is focused on an analysis of security recommendations in IEC 62351, vulnerability testing of industrial communication protocols (e.g., IEC 61850) and mitigations proposal. An ATT&CK framework for ICS was chosen to become a methodology base for vulnerability testing. ATT&CK tactics and techniques were used to practically test vulnerability scans, SMV time synchronization, GOOSE spoofing, MMS Man in the Middle and ICMP Flood attacks. Attacks tested were evaluated with a risk analysis. Subsequently, mitigation measures were proposed on several levels (OT, IT, perimeter and physical level).
|
|
|
Vulnerabilities assessment for industrial protocols
Zahradník, Jiří ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
Thesis deals with testing of selected vulnerabilities from the IEC 61850 standard and following design of mitigation measures for selected vulnerabilities. Author simulated vulnerabilities of the GOOSE protocol, NTP attack and attack ona MMS client. Those attacks were GOOSE stNum, GOOSE semantic, GOOSE test bit,GOOSE replay, GOOSE flood, NTP spoofing and MMS password capture. Attacks on protocols GOOSE and MMS were successful, attack on NTP was only partially successful since the device confirmed receiving spoofed time, however it did not change it’s inner clock. Author then designed possible mitigation measures. Tool for automatic testing of selected vulnerabilities, parser for the GOOSE protocol and lightweight multiplatform parser for configuration files were created as well.The outcome of this thesis allows the implementation of lager scale tool for penetration testing of industrial networks as well as it allows implementation of discussed mitigation measures.
|
guest ::
