Abstract :
An increasing number of factory automation systems are connected to the Internet or other public networks, and secured by firewalls, intrusion detection systems (IDSs), etc. In order to detect attacks, correlation of firewalls, router, proxy, and IDS logs is necessary. Successful correlation requires, among other things, synchronized time stamps for all the log entries created by different sources. The automation system usually contains a rather accurate time source, which could be used to derive the time base for all system components, including the above-mentioned security mechanisms. A number of standard protocols exist for time synchronization. It will be shown that these protocols do not fulfill the necessary security requirements. In particular, they open up the automation system network to denial-of-service attacks from the outside. Various design alternatives and the requirements for an alternative time synchronization protocol are discussed.
Keywords :
Internet; factory automation; protocols; security of data; synchronisation; Internet; denial-of-service attack; factory automation system; firewall; high-availability system; intrusion detection system log; protocol; security log time synchronization; time stamp synchronization; Best practices; Computer crime; Data security; Delay; IP networks; Intrusion detection; Manufacturing automation; Network topology; Protocols; Real time systems;
