Abstract :
With advancing of communication technologies, various protocols have been designed, developed and widely deployed in modern industries, including power industry. And the security issues of these protocol systems which involve the security of national infrastructure have gained more and more concerns. Since protocols are not only communication services, but also evolving developing processes, security vulnerabilities could be introduced at the any stage of protocol lifecycle. In this paper, we present the "Secure Protocol Lifecycle" concept which covers different stages of protocol lifecycle: requirement, design, implementation and deployment. We analyze security issues in each stage, and present corresponding solutions. By guiding, validating, auditing and testing the different stages of the protocol lifecycle, this solution can systematically improve the security quality of power industry protocol products or systems, e.g. IEC 61850, ModBus, DNP3, IEC 60870-5, etc. for infrastructure security.
Keywords :
data communication; electricity supply industry; power system security; protocols; national infrastructure security; power industry; power quality security; protocol lifecycle; Communication industry; Communication system security; Communications technology; IEC standards; Life testing; National security; Power industry; Power system security; Protocols; System testing; Adversary Mode; Code Audit; Formal Verification; Fuzz Testing; Protocol Lifecycle; SCADA Protocols; Security;
