
Testing and Exploring Vulnerabilities of the Applications Implementing IEC 60870-5-104 Protocol

Cheah, Zi Bin
Master thesis
View/Open
646843_COVER01.pdf (Locked)
646843_FULLTEXT01.pdf (Locked)
URI
http://hdl.handle.net/11250/262826
Date
2008
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1642]
Abstract
The IEC 60870-5-104 protocol is an important protocol in the SCADA system. ABB Company uses this protocol for monitoring and managing power utility devices. These devices are interconnected and form part of an important SCADA system.

As the SCADA environment becomes more interconnected with the networked world, the understanding of SCADA and its associated protocol increases in the public domain. The concept of security by obscurity that protected the SCADA environment is no longer efficient. In this thesis we look at the many characteristics of power utility SCADA devices and their possible weaknesses.

This thesis studied the IEC 60870-5-104 protocol. We used a method called "fuzzing" to test the protocol implementation in ABB devices. This method allows us to inject random or semi-random data into ABB devices. We also used vulnerability scanners and an HTTP scanner to probe the ABB device. Finally, we performed a TCP/IP based attack on the device as a proof-of-concept that these devices are vulnerable to TCP/IP based attacks. IEC 60870-5-104 is vulnerable to IEC 60870-5-104 attack because it sits on top of the TCP/IP stack. With the test results, we have suggested improvements and proposed future work.

The author of this thesis has signed a Non-Disclosure Agreement with ABB Corporate Research Centre, Oslo. The content of this thesis should only be read by people who have also signed the Non-Disclosure Agreement.
Publisher
Institutt for telematikk

DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 
